Only initialize the session-storage array when values are populated. (apereo#429) (apereo#430)

adamfranco · web-flow · commit 1685333f8aba · 2022-12-02T13:55:52.000+01:00
Note that the `$_SESSION` array will only stay empty when `phpCAS::client()` is used.
`phpCAS::proxy()` will still trigger the creation of `$_SESSION['phpcas']['service_cookies'] as
that array currently needs to be passed as a refrence to the `CAS_CookieJar`'s constructor.
diff --git a/source/CAS/Client.php b/source/CAS/Client.php
@@ -973,11 +973,6 @@ public function __construct(
                 session_start();
                 phpCAS :: trace("Starting a new session " . session_id());
             }
-            // init phpCAS session array
-            if (!isset($_SESSION[static::PHPCAS_SESSION_PREFIX])
-                || !is_array($_SESSION[static::PHPCAS_SESSION_PREFIX])) {
-                $_SESSION[static::PHPCAS_SESSION_PREFIX] = array();
-            }
         }
 
         // Only for debug purposes
@@ -1198,9 +1193,21 @@ protected function setSessionValue($key, $value)
     {
         $this->validateSession($key);
 
+        $this->ensureSessionArray();
         $_SESSION[static::PHPCAS_SESSION_PREFIX][$key] = $value;
     }
 
+    /**
+     * Ensure that the session array is initialized before writing to it.
+     */
+    protected function ensureSessionArray() {
+      // init phpCAS session array
+      if (!isset($_SESSION[static::PHPCAS_SESSION_PREFIX])
+          || !is_array($_SESSION[static::PHPCAS_SESSION_PREFIX])) {
+          $_SESSION[static::PHPCAS_SESSION_PREFIX] = array();
+      }
+    }
+
     /**
      * Remove a session value with the given key.
      *
