Contrib.social

$session->destroy() in simplesamlphp_auth_user_logout() seems unnecessay with Drupal 10.4

Open on Drupal.org โ†’
Created on 30 May 2025, about 1 month ago

Problem/Motivation

Hi, I have found PHP warning log when a user logs out.
Could you guys take a look at this?

- Drupal 10.4.6
- simpleSAMLphp Authentication: 4.0.1
- SimpleSAMLphp: 2.4.0
- PHP: 8.3.21

Steps to reproduce

1. Login to Drupal site with SimpleSAMLphp.
2. Logout.
3. PHP warning is recorded in recent log.

Warning: session_destroy(): Trying to destroy uninitialized session in Drupal\Core\Session\SessionManager->destroy() (line 260 of /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/Session/SessionManager.php)
#0 /var/www/html/drupal-10.4.6/web/core/includes/bootstrap.inc(166): _drupal_error_handler_real()
#1 [internal function]: _drupal_error_handler()
#2 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/Session/SessionManager.php(260): session_destroy()
#3 /var/www/html/drupal-10.4.6/web/core/modules/user/user.module(1250): Drupal\Core\Session\SessionManager->destroy()
#4 /var/www/html/drupal-10.4.6/web/core/modules/user/src/Controller/UserController.php(402): user_logout()
#5 [internal function]: Drupal\user\Controller\UserController->logout()
#6 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(123): call_user_func_array()
#7 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/Render/Renderer.php(638): Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}()
#8 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(121): Drupal\Core\Render\Renderer->executeInRenderContext()
#9 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(97): Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext()
#10 /var/www/html/drupal-10.4.6/vendor/symfony/http-kernel/HttpKernel.php(181): Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}()
#11 /var/www/html/drupal-10.4.6/vendor/symfony/http-kernel/HttpKernel.php(76): Symfony\Component\HttpKernel\HttpKernel->handleRaw()
#12 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/Session.php(53): Symfony\Component\HttpKernel\HttpKernel->handle()
#13 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(48): Drupal\Core\StackMiddleware\Session->handle()
#14 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/ContentLength.php(28): Drupal\Core\StackMiddleware\KernelPreHandle->handle()
#15 /var/www/html/drupal-10.4.6/web/core/modules/big_pipe/src/StackMiddleware/ContentLength.php(32): Drupal\Core\StackMiddleware\ContentLength->handle()
#16 /var/www/html/drupal-10.4.6/web/core/modules/page_cache/src/StackMiddleware/PageCache.php(116): Drupal\big_pipe\StackMiddleware\ContentLength->handle()
#17 /var/www/html/drupal-10.4.6/web/core/modules/page_cache/src/StackMiddleware/PageCache.php(90): Drupal\page_cache\StackMiddleware\PageCache->pass()
#18 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(48): Drupal\page_cache\StackMiddleware\PageCache->handle()
#19 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(51): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle()
#20 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php(36): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle()
#21 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/StackMiddleware/StackedHttpKernel.php(51): Drupal\Core\StackMiddleware\AjaxPageState->handle()
#22 /var/www/html/drupal-10.4.6/web/core/lib/Drupal/Core/DrupalKernel.php(741): Drupal\Core\StackMiddleware\StackedHttpKernel->handle()
#23 /var/www/html/drupal-10.4.6/web/index.php(19): Drupal\Core\DrupalKernel->handle()
#24 {main}

Proposed resolution

Comment out $session->destroy() in simplesamlphp_auth.module.

simplesamlphp_auth.module

/**
 * Implements hook_user_logout().
 */
function simplesamlphp_auth_user_logout(AccountInterface $account) {
  $logout_url = \Drupal::config('simplesamlphp_auth.settings')->get('logout_goto_url');
  /** @var \Drupal\simplesamlphp_auth\Service\SimplesamlphpAuthManager $simplesaml */
  $simplesaml = \Drupal::service('simplesamlphp_auth.manager');
  $session = \Drupal::service('session_manager');

  // Only interfere if this user was logged in through simplesaml.
  if ($simplesaml->isActivated() && $simplesaml->isAuthenticated()) {
    // Have to destroy the session here as some configurations of
    // SimpleSAMLphp_auth can create infinite loops. By removing IdP auth before
    // Drupal auth, checks for local authentication will trigger before the
    // session is destroyed naturally. We must therefore destroy the session
    // manually here.
    // Copied from user.module method user_logout().
<strong>//</strong>    $session->destroy();
    $account->setAccount(new AnonymousUserSession());

    if ($logout_url) {
      $simplesaml->logout($logout_url);
    }
    else {
      $simplesaml->logout();
    }
  }
}
๐Ÿ› Bug report
Status

Active

Version

4.0

Component

Code

Created by

kubokura

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024