function _getOpenID1SessionType($assoc_response)
{
// If it's an OpenID 1 message, allow session_type to default
// to None (which signifies "no-encryption")
$session_type = $assoc_response->getArg(Auth_OpenID_OPENID1_NS, 'session_type');
// Handle the differences between no-encryption association
// respones in OpenID 1 and 2:
// no-encryption is not really a valid session type for OpenID
// 1, but we'll accept it anyway, while issuing a warning.
if ($session_type == 'no-encryption') {
// oidutil.log('WARNING: OpenID server sent "no-encryption"'
// 'for OpenID 1.X')
} else {
if ($session_type == '' || $session_type === null) {
// Missing or empty session type is the way to flag a
// 'no-encryption' response. Change the session type to
// 'no-encryption' so that it can be handled in the same
// way as OpenID 2 'no-encryption' respones.
$session_type = 'no-encryption';
}
}
return $session_type;
}