SPID - Riprovare (Second try login )

[amdounio]

    Hello , 

Thanks you for this plugin , but i have the same problem , i login via spid in the second try

"SPID - Riprovare" in the first try ,

Originally posted by @amdounio in #34 (comment)

[unixforce]

@amdounio The problem was due on cookie PHPSESSID destroyed by some browser (Google Chrome/ Microsoft Edge) on cross domain requests.

To prevent this issue I've modified the session_start() call on plugin hook 'init' on this way with 3 options:

if ( session_status() == PHP_SESSION_NONE ) {
     session_set_cookie_params(['samesite' => 'None']); 
     session_start(['cookie_secure' => true,'cookie_httponly' => true]);
}

And wp-spid-italia.php:

if ( isset( $_GET['spid_idp'] ) && $_GET['spid_idp'] != '' ) {
            if ( $sp->isAuthenticated() ) {

                        unset($_SESSION['RequestID']);
		        unset($_SESSION['idpName']);
		        unset($_SESSION['idpEntityId']);
		        unset($_SESSION['acsUrl']);
		        unset($_SESSION['spidSession']['idp']);
		        unset($_SESSION['spidSession']);
		        
		        unset($_SESSION['inResponseTo']);
		        unset($_SESSION['spid_redirect_to']);
		        unset($_SESSION['sloUrl']);

           }
}

This code will fix the issue. I Hope this help you !

Regards
Nunzio