Fix SessionHandlerCookie to generate session ids on the expected format.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@551 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/SessionHandlerCookie.php

@@ -3,7 +3,7 @@
 /* We need access to the configuration from config/config.php. */
 require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
 
-/* We need the generateID function from Utilities. */
+/* We need the randomBytes and stringToHex functions from Utilities. */
 require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
 
 /**
@@ -49,7 +49,7 @@ extends SimpleSAML_SessionHandler {
 		}
 
 		/* We don't have a valid session. Create a new session id. */
-		$this->session_id = SimpleSAML_Utilities::generateID();
+		$this->session_id = self::createSessionID();
 		setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/',
 			NULL, self::secureCookie(), TRUE);
 	}
@@ -87,6 +87,17 @@ extends SimpleSAML_SessionHandler {
 	}
 
 
+	/* This static function creates a session id. A session id consists
+	 * of 32 random hexadecimal characters.
+	 *
+	 * Returns:
+	 *  A random session id.
+	 */
+	private static function createSessionID() {
+		return SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+	}
+
+
 	/* This static function validates a session id. A session id is valid
 	 * if it only consists of characters which are allowed in a session id
 	 * and it is the correct length.