From 6bbb208a0ba2d5d32dae0b488670fa13bae5b185 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 13 May 2008 15:02:48 +0000
Subject: [PATCH] Fix SessionHandlerCookie to generate session ids on the
 expected format.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@551 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/SessionHandlerCookie.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index 7b82f4035..a8c296300 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -3,7 +3,7 @@
 /* We need access to the configuration from config/config.php. */
 require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
 
-/* We need the generateID function from Utilities. */
+/* We need the randomBytes and stringToHex functions from Utilities. */
 require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
 
 /**
@@ -49,7 +49,7 @@ extends SimpleSAML_SessionHandler {
 		}
 
 		/* We don't have a valid session. Create a new session id. */
-		$this->session_id = SimpleSAML_Utilities::generateID();
+		$this->session_id = self::createSessionID();
 		setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/',
 			NULL, self::secureCookie(), TRUE);
 	}
@@ -87,6 +87,17 @@ extends SimpleSAML_SessionHandler {
 	}
 
 
+	/* This static function creates a session id. A session id consists
+	 * of 32 random hexadecimal characters.
+	 *
+	 * Returns:
+	 *  A random session id.
+	 */
+	private static function createSessionID() {
+		return SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+	}
+
+
 	/* This static function validates a session id. A session id is valid
 	 * if it only consists of characters which are allowed in a session id
 	 * and it is the correct length.
-- 
GitLab