Implemented BACKLOG-1081 - Improved error message when user loses session (possible due to third party cookies not being allowed by the browser

oharsta · oharsta · commit 54d88b03fc0a · 2013-09-26T16:54:08.000+02:00
diff --git a/application/modules/Authentication/Controller/ServiceProvider.php b/application/modules/Authentication/Controller/ServiceProvider.php
@@ -39,6 +39,10 @@ public function consumeAssertionAction()
             $application->handleExceptionWithFeedback($e,
                 '/authentication/feedback/vomembershiprequired');
         }
+        catch (EngineBlock_Corto_Module_Services_SessionLostException $e) {
+            $application->handleExceptionWithFeedback($e,
+                '/authentication/feedback/session-lost');
+        }
         catch (EngineBlock_Corto_Module_Bindings_UnableToReceiveMessageException $e) {
             $application->handleExceptionWithFeedback($e,
                 '/authentication/feedback/unable-to-receive-message');
diff --git a/languages/en.php b/languages/en.php
@@ -217,7 +217,7 @@
     'error_session_lost'            => 'Error - your session was lost..',
     'error_session_lost_desc'       => '<p>
         Somewhere along the way, your session with us was lost. <br />
-        Maybe you have cookies disabled? <br />
+        Most likely your browser privacy or security settings prevented the cookie to be set? <br />
         Please go back and try again.
         <br /><br />
     </p>',
diff --git a/languages/nl.php b/languages/nl.php
@@ -216,7 +216,7 @@
     'error_session_lost'                => 'Error - Uw sessie is verloren gegaan..',
     'error_session_lost_desc'           => '<p>
         Uw sessie is ergens verloren gegaan.<br />
-        Misschien heeft u uw cookies uitgezet?<br />
+        Waarschijnlijk mocht de cookie niet worden gezet door de strikte privacy configuratie van uw browser?<br />
         Ga alstublieft terug en probeer het opnieuw.
         <br /><br />
     </p>',
diff --git a/library/EngineBlock/Corto/ProxyServer.php b/library/EngineBlock/Corto/ProxyServer.php
@@ -930,7 +930,7 @@ public function getReceivedRequestFromResponse($id)
         // Check the session for a AuthnRequest with the given ID
         // Expect to get back an AuthnRequest issued by EngineBlock and destined for the IdP
         if (!$id || !isset($_SESSION[$id])) {
-            throw new EngineBlock_Corto_ProxyServer_Exception(
+            throw new EngineBlock_Corto_Module_Services_SessionLostException(
                 "Trying to find a AuthnRequest (we made and sent) with id '$id' but it is not known in this session? ".
                 "This could be an unsolicited Response (which we do not support) but more likely the user lost their session",
                 EngineBlock_Corto_ProxyServer_Exception::CODE_NOTICE
