From 921eee7bb60e78019d4ba3260026d19716a760de Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Sat, 28 Jul 2018 16:27:58 +0200
Subject: [PATCH] Secure cookies

---
 modules/consent/lib/Consent/Store/Cookie.php | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index fa24d6ebe..ad448c799 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -279,18 +279,12 @@ class Cookie extends \SimpleSAML\Module\consent\Store
 
         $globalConfig = \SimpleSAML\Configuration::getInstance();
         $params = array(
-            'lifetime' => (90*24*60*60),
+            'lifetime' => 7776000,    // (90*24*60*60)
             'path' => ($globalConfig->getBasePath()),
-            'httponly' => false,
+            'httponly' => true,
+            'secure' => \SimpleSAML\Utils\HTTP::isHTTPS(),
         );
 
-        if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
-            // Enable secure cookie for https-requests
-            $params['secure'] = true;
-        } else {
-            $params['secure'] = false;
-        }
-
         \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, false);
     }
 }
-- 
GitLab