Closed Laurenzi closed 8 years ago
Could use some hardening: #151 #147
@Laurenzi Please check master. I have introduced a fix for this issue with the setVerbose() function. It's disabled by default but can be switched on: https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_simple.php or off like in: https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_hardening.php
Any feedback is welcome
Should be fixed
If, after a successful CAS login, the PHPSESSID cookie is set to an empty value (for example) and the page is reloaded, the following error message is displayed to the user in an otherwise empty page: phpCAS error: phpCAS::client(): ErrorException: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /var/www/example_webapp_domain/public_html/example_webapp/vendor/xavrsl/cas/src/Xavrsl/Cas/Sso.php on line 172
The error message is too verbose and gives out unnecessary information to the user, such as the absolute path in the filesystem to the web application.
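An application-side guard for the case reported above, as an added example that is not part of the thread and is not phpCAS code: it rejects a malformed session cookie before any session is started and keeps exception detail in the server log. The function names and the 256-character limit are assumptions of this example; phpCAS's own error output is governed separately by the setVerbose() switch mentioned in the maintainer's comment.

```php
<?php
// Added illustration; not code from phpCAS or from the reporter's application.

// Character set taken from the session_start() message quoted in the report.
// The 256-character upper bound is an assumption made for this example.
function session_id_is_wellformed(string $id): bool
{
    return preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $id) === 1;
}

// Remove a malformed session cookie from the request so that a later
// session_start() generates a fresh id instead of raising the warning.
// Assumption: session_start() takes the id from $_COOKIE, as current PHP does.
function drop_malformed_session_cookie(array &$cookies, string $name): bool
{
    if (!array_key_exists($name, $cookies)) {
        return false;
    }
    $value = $cookies[$name];
    if (is_string($value) && session_id_is_wellformed($value)) {
        return false;
    }
    unset($cookies[$name]);
    return true;
}

// Log full detail under a random reference; send the browser only the reference.
function handle_uncaught(Throwable $e): void
{
    $ref = bin2hex(random_bytes(8));
    error_log(sprintf('[%s] %s: %s in %s:%d', $ref, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Authentication error (reference $ref).";
}

ini_set('display_errors', '0');   // PHP diagnostics go to the log, not the page
ini_set('log_errors', '1');
set_exception_handler('handle_uncaught');

// Run before anything that starts the session (here: before phpCAS::client()).
if (drop_malformed_session_cookie($_COOKIE, session_name()) && !headers_sent()) {
    setcookie(session_name(), '', time() - 3600, '/');   // expire it client-side
}
```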