author | Jaime Pérez <jaime.perez@uninett.no> | 2016-07-02 17:20:56 +0200 |
---|---|---|
committer | Jaime Pérez <jaime.perez@uninett.no> | 2016-07-02 17:20:56 +0200 |
commit | 8756835bacc7057734aba7fe349b534e63261253 (patch) | |
tree | 0bb638571498ef3860c52965761ccc28a156a29b | |
parent | ae8c4195b3284c73c3a9080b5e306733d2230b5a (diff) | |
SimpleSAML_Session should set the auth token using the SimpleSAML\Utils\HTTP::setCookie(), instead of the setCookie() method provided by session handlers.
The SimpleSAML_SessionHandler::setCookie() method should be used only to set the session cookie, not random cookies. If we want cookies to have the same parameters as session cookies, we can always get the session parameters by calling SimpleSAML_SessionHandler::getSessionParams() and pass them to SimpleSAML\Utils\HTTP::setCookie().
-rw-r--r-- | lib/SimpleSAML/Session.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 153478a..7f482a6 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -541,9 +541,10 @@ class SimpleSAML_Session $this->setRememberMeExpire(); } else { - $sessionHandler->setCookie( + SimpleSAML\Utils\HTTP::setCookie( $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), - $this->authToken + $this->authToken, + $sessionHandler->getCookieParams() ); } } |
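Review bot: The commit message names SimpleSAML_SessionHandler::getSessionParams(), but the new third argument in the else branch of the @@ -541,9 +541,10 @@ hunk calls `$sessionHandler->getCookieParams()`; the message and the code should agree on which method supplies the parameters. Because the auth token cookie's attributes now come entirely from that array, please confirm that the keys it returns are the ones SimpleSAML\Utils\HTTP::setCookie() expects, in particular the secure and httponly settings, since nothing in the visible lines shows what the array contains. A one-line comment at the call saying the auth token deliberately reuses the session cookie's parameters would document the intent. As a style point, the call is written `SimpleSAML\Utils\HTTP::setCookie(` without a leading backslash, which only resolves correctly while this file stays in the global namespace; `\SimpleSAML\Utils\HTTP::setCookie(` would be unambiguous.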