From 6a265f6061a1759d6b1edd68b5b838be1fc9727f Mon Sep 17 00:00:00 2001
From: Iwan Luijks <iluijks@fingerspitz.nl>
Date: Mon, 1 Apr 2019 11:54:07 +0200
Subject: [PATCH] rememberme: Set cookie lifetime iso expire fixing the
 remember me feature and respective errors.

Currently the remember me functionality does not work correctly and using it results in severable undefined index errors as the expire cookie parameter is passed along the SessionHandlerPHP which does not accept this one. Using lifetime instead of expire, effectively doing the same thing, this can be fixed in a pretty simple way. Next to that the params given to the session handler are merged with the current ones before given to the session handler instead of after.
---
 lib/SimpleSAML/Session.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 58081d72b..78ada3274 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -577,17 +577,17 @@ class Session implements Serializable, Utils\ClearableState
     /**
      * Set remember me expire time.
      *
-     * @param int $expire Unix timestamp when remember me session cookies expire.
+     * @param int $lifetime Number of seconds after when remember me session cookies expire.
      * @return void
      */
-    public function setRememberMeExpire(int $expire = null): void
+    public function setRememberMeExpire(int $lifetime = null): void
     {
-        if ($expire === null) {
-            $expire = time() + self::$config->getInteger('session.rememberme.lifetime', 14 * 86400);
+        if ($lifetime === null) {
+            $lifetime = self::$config->getInteger('session.rememberme.lifetime', 14 * 86400);
         }
-        $this->rememberMeExpire = $expire;
+        $this->rememberMeExpire = time() + $lifetime;
 
-        $cookieParams = ['expire' => $this->rememberMeExpire];
+        $cookieParams = ['lifetime' => $lifetime];
         $this->updateSessionCookies($cookieParams);
     }
 
@@ -789,6 +789,7 @@ class Session implements Serializable, Utils\ClearableState
     public function updateSessionCookies(array $params = []): void
     {
         $sessionHandler = SessionHandler::getSessionHandler();
+        $params = array_merge($sessionHandler->getCookieParams(), is_array($params) ? $params : []);
 
         if ($this->sessionId !== null) {
             $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, $params);
-- 
GitLab