
I have an app integrated with SAML2 on Azure. On my system I always check to see if the user is logged in using:

$as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth();

However, when I log the user out from Azure, requireAuth still returns that the user is logged in. Only when I close the browser and open it again does it send the user to log in again.

1 Answer


Using PHP sessions in SimpleSAMLphp will close any existing session when invoked for the first time, and its own session will prevail afterwards.

If you want to restore your own session after calling SimpleSAMLphp, you can clean up the session using the following steps:

$session = \SimpleSAML\Session::getSessionFromRequest();
$session->cleanup();

If you don't want to clean up SimpleSAMLphp's session and try to use $_SESSION afterwards, you won't be using your own session and all your data is likely to get lost or inaccessible.

Note that if your application uses a custom session handler, this can lead to problems because SimpleSAMLphp's stand-alone web UI uses the default PHP session handlers. So you need to unset the custom handler before making any calls to SimpleSAMLphp:

// use custom save handler
session_set_save_handler($handler);
session_start();

// close session and restore default handler
session_write_close();
session_set_save_handler(new SessionHandler(), true);

// use SimpleSAML\Session
$session = \SimpleSAML\Session::getSessionFromRequest();
$session->cleanup();
session_write_close();

// back to custom save handler
session_set_save_handler($handler);
session_start();

Refer to the Doc and SO thread for usage of sessions.

Delliganesh Sevanesan
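
The question's requireAuth() call placed inside the handler swap from the answer, as an added example that is not part of the original answer or of SimpleSAMLphp's own code. The helper name samlAttributes and its $appHandler parameter are hypothetical; it assumes SimpleSAMLphp's autoloader is already loaded and that SimpleSAMLphp is configured to use PHP sessions.

```php
<?php
// Added example (hypothetical helper, not from the original answer).
// Assumes SimpleSAMLphp's autoloader has already been loaded by the application.

/**
 * Authenticate through SimpleSAMLphp, then hand control back to the
 * application's own session so $_SESSION refers to application data again.
 *
 * @param \SessionHandlerInterface $appHandler the application's custom save handler
 * @param string                   $sp         auth source name, as in the question
 * @return array SAML attributes of the authenticated user
 */
function samlAttributes(\SessionHandlerInterface $appHandler, string $sp = 'default-sp'): array
{
    // Flush the application's session (if one is open) before switching handlers,
    // so pending writes to $_SESSION are saved by the custom handler.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();
    }

    // SimpleSAMLphp expects the default PHP session handler.
    session_set_save_handler(new \SessionHandler(), true);

    $as = new \SimpleSAML\Auth\Simple($sp);
    // Redirects to the IdP and does not return when there is no valid
    // SimpleSAMLphp session; returns normally when there is one.
    $as->requireAuth();
    $attributes = $as->getAttributes();

    // Release SimpleSAMLphp's session before touching $_SESSION again.
    $session = \SimpleSAML\Session::getSessionFromRequest();
    $session->cleanup();
    session_write_close();

    // Back to the application's handler and session.
    session_set_save_handler($appHandler, true);
    session_start();

    return $attributes;
}
```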