From 80db8bc61565aa478c6c742d1502cb51151413f6 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 12 Jul 2011 12:35:01 +0000
Subject: [PATCH] Make SimpleSAMLAuthToken cookie name configurable. Thanks to Stein Welberg for implementing this!
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2871 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/config.php | 7 ++++++-
 lib/SimpleSAML/Session.php | 8 +++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/config-templates/config.php b/config-templates/config.php
index 469fd1f0f..461a9f0c1 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -215,7 +215,12 @@ $config = array (
 'session.phpsession.cookiename' => null,
 'session.phpsession.savepath' => null,
 'session.phpsession.httponly' => FALSE,
-
+
+ /*
+ * Option to override the default settings for the auth token cookie
+ */
+ 'session.authtoken.cookiename' => null,
+
 /*
 * Languages available, RTL languages, and what language is default
 */
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 79ecd025c..8d4142265 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -498,7 +498,7 @@ class SimpleSAML_Session {
 $this->authToken = SimpleSAML_Utilities::generateID();
 $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
- $sessionHandler->setCookie('SimpleSAMLAuthToken', $this->authToken);
+ $sessionHandler->setCookie($globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), $this->authToken);
 }
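Review bot: The template in config-templates/config.php ships `'session.authtoken.cookiename' => null`, while both readers in lib/SimpleSAML/Session.php call `getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken')`. getString() is not shown on this page; if it type-checks a key that is present but null rather than falling back to the default, a configuration copied from this template would fail at login and at session load instead of using the default name, so that behaviour should be confirmed. Shipping the literal default, `'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',`, sidesteps the question and documents the effective value. The added comment could also state that this is the cookie compared against the session's auth token, since "default settings" does not say what the option controls.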
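Review bot: In the @@ -498 hunk of lib/SimpleSAML/Session.php the new `setCookie()` line reads `$globalConfig`, which is not assigned anywhere in the hunk; the enclosing method begins outside it, so confirm the variable is in scope there (the @@ -993 hunk fetches its own via `SimpleSAML_Configuration::getInstance()`). The option name and its `'SimpleSAMLAuthToken'` default are also written out twice, here and in the @@ -993 hunk. If the two copies ever drift apart, the cookie that is set is no longer the one that is checked, and the check in that hunk returns NULL for every session with a token. A single private helper that returns the cookie name, called from both places, would keep the writer and the verifier in step.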
@@ -993,11 +993,13 @@ class SimpleSAML_Session {
 }
 if ($checkToken && $session->authToken !== NULL) {
- if (!isset($_COOKIE['SimpleSAMLAuthToken'])) {
+ $globalConfig = SimpleSAML_Configuration::getInstance();
+ $authTokenCookieName = $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken');
+ if (!isset($_COOKIE[$authTokenCookieName])) {
 SimpleSAML_Logger::warning('Missing AuthToken cookie.');
 return NULL;
 }
- if ($_COOKIE['SimpleSAMLAuthToken'] !== $session->authToken) {
+ if ($_COOKIE[$authTokenCookieName] !== $session->authToken) {
 SimpleSAML_Logger::warning('Invalid AuthToken cookie.');
 return NULL;
 }
-- GitLab
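Review bot: The rewritten check `$_COOKIE[$authTokenCookieName] !== $session->authToken` compares a client-supplied value to the session secret with an ordinary string comparison, and the cookie value is not checked to be a string first. Where the supported PHP version provides `hash_equals()`, the line could become `if (!is_string($_COOKIE[$authTokenCookieName]) || !hash_equals($session->authToken, $_COOKIE[$authTokenCookieName])) {`, assuming `authToken` is always a string once it is non-NULL. Now that the name is configurable, the two warnings would also be easier to act on if they included `$authTokenCookieName`, which is operator configuration and not a secret. The enclosing function starts and ends outside this hunk.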