apereo / phpCAS

Apereo PHP CAS Client
https://apereo.github.io/phpCAS/
Apache License 2.0
796 stars 397 forks

Clearing PHPSESSID after using CAS login and reloading page prints out unnecessary information #152

Closed. Laurenzi closed this issue 8 years ago

Laurenzi commented 9 years ago

If after successful CAS login, the PHPSESSID cookie is set to an empty value (for example) and the page is reloaded, the following error message is displayed to the user in an otherwise empty page:

phpCAS error: phpCAS::client(): ErrorException: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /var/www/example_webapp_domain/public_html/example_webapp/vendor/xavrsl/cas/src/Xavrsl/Cas/Sso.php on line 172

The error message is too verbose and gives out unnecessary information to the user, such as the absolute path in the filesystem to the web application.

jfritschi commented 9 years ago

Could use some hardening: #151 #147

jfritschi commented 9 years ago

@Laurenzi Please check master. I have introduced a fix for this issue with the setVerbose() function. It's disabled by default but can be switched on: https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_simple.php or off like in: https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_hardening.php

Any feedback is welcome
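As an added example (not phpCAS's own code and not from this thread): an application bootstrap that keeps phpCAS verbose output off, discards a malformed PHPSESSID cookie before the session is started so a bad cookie on reload yields a fresh session instead of the exception quoted above, and logs any remaining failure server-side while showing the user a generic message. It assumes the phpCAS static API (phpCAS::setVerbose, phpCAS::client, phpCAS::setCasServerCACert, phpCAS::forceAuthentication, phpCAS::getUser) and uses placeholder CAS server values.

```php
<?php
// Added example, not phpCAS project code. Assumes the phpCAS static API and
// placeholder CAS server settings (cas.example.org, /path/to/cas-ca.pem).
require_once __DIR__ . '/vendor/autoload.php';

// 1. Keep verbose output off: error pages must not carry file paths or
//    line numbers. Details go to the server log instead (see step 3).
phpCAS::setVerbose(false);

// 2. Drop a session id that session_start() would reject. The allowed
//    characters are those named in the error message: a-z, A-Z, 0-9, '-' and ','.
//    PHP session ids are between 22 and 256 characters long.
function sanitizeSessionCookie(string $cookieName = 'PHPSESSID'): void
{
    if (!isset($_COOKIE[$cookieName])) {
        return;
    }
    $id = $_COOKIE[$cookieName];
    if ($id === '' || !preg_match('/^[a-zA-Z0-9,-]{22,256}$/', $id)) {
        // Remove the bad value so PHP issues a new id when the session starts.
        unset($_COOKIE[$cookieName]);
        setcookie($cookieName, '', time() - 3600, '/', '', isset($_SERVER['HTTPS']), true);
    }
}

// 3. Whatever still escapes is logged with full detail and shown without it.
set_exception_handler(function (Throwable $e): void {
    error_log('CAS login failure: ' . $e->getMessage()
        . ' at ' . $e->getFile() . ':' . $e->getLine());
    http_response_code(500);
    echo 'Login failed. Please try again.';
    exit;
});

// Must run before phpCAS::client(), which starts the session.
sanitizeSessionCookie();

// Placeholder CAS server values; replace with the real deployment's.
phpCAS::client(CAS_VERSION_2_0, 'cas.example.org', 443, '/cas');
phpCAS::setCasServerCACert('/path/to/cas-ca.pem');
phpCAS::forceAuthentication();

echo 'Logged in as ' . htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
```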

jfritschi commented 8 years ago

Should be fixed