Set the session name explicitly in SessionHandlerPHP, even when we are using the default value.

1 files changed, 2 insertions, 6 deletions

diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 6907938..6f952b3 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -42,7 +42,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
         parent::__construct();
 
         $config = SimpleSAML_Configuration::getInstance();
-        $this->cookie_name = $config->getString('session.phpsession.cookiename', null);
+        $this->cookie_name = $config->getString('session.phpsession.cookiename', ini_get('session.name'));
 
         if (function_exists('session_status') && defined('PHP_SESSION_ACTIVE')) { // PHP >= 5.4
             $previous_session = session_status() === PHP_SESSION_ACTIVE;
@@ -61,11 +61,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
             session_write_close();
         }
 
-        if (!empty($this->cookie_name)) {
-            session_name($this->cookie_name);
-        } else {
-            $this->cookie_name = session_name();
-        }
+        session_name($this->cookie_name);
 
         $params = $this->getCookieParams();