bugfix: Do not set the auth token with the setCookie() method from the session handler.

Related to previous commits. The SimpleSAML_Session::updateSessionCookies() updates both the session cookie and the auth token. For the latter, it uses the setCookie() method from the session handler, while it should use the SimpleSAML\Utils\HTTP::setCookie() method instead.

bugfix: Do not set the auth token with the setCookie() method from the session handler.
bcd0ae9b · Jaime Pérez · 3ad8a9f2 · bcd0ae9b
Commit bcd0ae9b authored 8 years ago by Jaime Pérez
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -676,7 +676,7 @@ class SimpleSAML_Session
        if ($this->authToken !== null) {
            $globalConfig = SimpleSAML_Configuration::getInstance();
-            $sessionHandler->setCookie(
+            \SimpleSAML\Utils\HTTP::setCookie(
                $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
                $this->authToken,
                $params