From 6b4a7d927ff94dcbf0a9e619b836d93d0aecb093 Mon Sep 17 00:00:00 2001
From: Daniel Falkner Hansen <danha@ist.com>
Date: Mon, 29 Jan 2018 08:44:53 +0100
Subject: [PATCH] Always retrieve cookieParams from SessionHandler

---
 lib/SimpleSAML/Session.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index f9fe2cb2e..a69327667 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -755,13 +755,19 @@ class SimpleSAML_Session implements Serializable
     {
         $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();
 
+        if (is_array($params) && !empty($params)) {
+            $params = array_merge($sessionHandler->getCookieParams(), $params);
+        } else {
+            $params = $sessionHandler->getCookieParams();
+        }
+
         if ($this->sessionId !== null) {
             $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, $params);
         }
 
         if ($this->authToken !== null) {
             $globalConfig = SimpleSAML_Configuration::getInstance();
-            $sessionHandler->setCookie(
+            \SimpleSAML\Utils\HTTP::setCookie(
                 $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
                 $this->authToken,
                 $params
-- 
GitLab