diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index 0da582665f39739699f55f312bbfaee97c8374f5..69885d8b8520bff3d7f3fe93a09bde9d33900c58 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -25,9 +25,9 @@ class TimeLimitedToken
 
 
     /**
-     * @param $lifetime int Token lifetime in seconds. Defaults to 900 (15 min).
-     * @param $secretSalt string A random and unique salt per installation. Defaults to the salt in the configuration.
-     * @param $skew int The allowed time skew (in seconds) between what the server generates and the one that calculates
+     * @param int $lifetime Token lifetime in seconds. Defaults to 900 (15 min).
+     * @param string $secretSalt A random and unique salt per installation. Defaults to the salt in the configuration.
+     * @param int $skew The allowed time skew (in seconds) between what the server generates and the one that calculates
      * the token.
      */
     public function __construct($lifetime = 900, $secretSalt = null, $skew = 1)
@@ -42,48 +42,49 @@ class TimeLimitedToken
     }
 
 
-    public function addVerificationData($data)
-    {
-        $this->secretSalt .= '|'.$data;
-    }
-
-
-    /**
-     * Calculate the current time offset to the current time slot.
-     * With some amount of time skew
-     */
-    private function getOffset()
-    {
-        return (time() - $this->skew) % ($this->lifetime + $this->skew);
-    }
-
-
     /**
-     * Calculate the time slot for a given offset.
+     * Add some given data to the current token. This data will be needed later too for token validation.
+     *
+     * This mechanism can be used to provide context for a token, such as a user identifier of the only subject
+     * authorised to use it. Note also that multiple data can be added to the token. This means that upon validation,
+     * not only the same data must be added, but also in the same order.
+     *
+     * @param string $data The data to incorporate into the current token.
      */
-    private function calculateTimeSlot($offset)
+    public function addVerificationData($data)
     {
-        return floor((time() - $offset) / ($this->lifetime + $this->skew));
+        $this->secretSalt .= '|'.$data;
     }
 
 
     /**
      * Calculates a token value for a given offset.
+     *
+     * @param int $offset The offset to use.
+     * @param int|null $time The time stamp to which the offset is relative to. Defaults to the current time.
+     *
+     * @return string The token for the given time and offset.
      */
-    private function calculateTokenValue($offset)
+    private function calculateTokenValue($offset, $time = null)
     {
+        if ($time === null) {
+            $time = time();
+        }
         // a secret salt that should be randomly generated for each installation
-        return sha1($this->calculateTimeSlot($offset).':'.$this->secretSalt);
+        return sha1(floor(($time - $offset) / ($this->lifetime + $this->skew)).':'.$this->secretSalt);
     }
 
 
     /**
      * Generates a token that contains an offset and a token value, using the current offset.
+     *
+     * @return string A time-limited token with the offset respect to the beginning of its time slot prepended.
      */
     public function generateToken()
     {
-        $current_offset = $this->getOffset();
-        return dechex($current_offset).'-'.$this->calculateTokenValue($current_offset);
+        $time = time();
+        $current_offset = ($time - $this->skew) % ($this->lifetime + $this->skew);
+        return dechex($current_offset).'-'.$this->calculateTokenValue($current_offset, $time);
     }
 
 
@@ -99,10 +100,17 @@ class TimeLimitedToken
 
     /**
      * Validates a token by calculating the token value for the provided offset and comparing it.
+     *
+     * @param string $token The token to validate.
+     *
+     * @return boolean True if the given token is currently valid, false otherwise.
      */
     public function validateToken($token)
     {
         $splittoken = explode('-', $token);
+        if (count($splittoken) !== 2) {
+            return false;
+        }
         $offset = hexdec($splittoken[0]);
         $value = $splittoken[1];
         return ($this->calculateTokenValue($offset) === $value);