From e37cf3eb8180762e0c82c194c63057e4a614d541 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 12 Mar 2008 13:07:30 +0000
Subject: [PATCH] Setting secure cookies for phpsession, and added config
 parameters for setting cookie name and path

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@403 44740490-163a-0410-bde0-09ae8108e29a
---
 config-templates/config.php          |  3 +++
 lib/SimpleSAML/Session.php           |  3 +++
 lib/SimpleSAML/SessionHandlerPHP.php |  8 ++++++++
 lib/SimpleSAML/Utilities.php         | 21 +++++++++++++++++++++
 4 files changed, 35 insertions(+)

diff --git a/config-templates/config.php b/config-templates/config.php
index be9e75a17..4e001c7b6 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -106,6 +106,9 @@ $config = array (
 	'session.duration'		=>  8 * (60*60), // 8 hours.
 	'session.requestcache'	=>  4 * (60*60), // 4 hours
 	
+	'session.phpsession.cookiename'  => null,
+	'session.phpsession.limitedpath' => false,
+	
 	/*
 	 * Languages available and what language is default
 	 */
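Review bot: The two new keys `session.phpsession.cookiename` and `session.phpsession.limitedpath` are added to the template without any explanatory comment, while the neighbouring `session.duration` and `session.requestcache` entries each carry one, so an administrator reading the template cannot tell what a null name or a false path means. From the handler change in this same commit, an empty name leaves PHP's configured session name in place and `limitedpath` switches the cookie path from `/` to `/` followed by `baseurlpath`. I would add `// Cookie name for the PHP session; null keeps the php.ini session.name.` above the first key and `// true restricts the session cookie path to baseurlpath instead of '/'.` above the second.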
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index f449d4294..ac27693de 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -117,6 +117,9 @@ class SimpleSAML_Session implements SimpleSAML_ModifiedInfo {
 		}
 	}
 	
+	
+	
+	
 	public static function init($authenticated = false, $authority = null) {
 		
 		$preinstance = self::getInstance();
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 1466e0e2e..3f4df18ad 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -31,6 +31,14 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 		 * started, and we should avoid calling session_start().
 		 */
 		if(session_id() === '') {
+			$config = SimpleSAML_Configuration::getInstance();
+			
+			$cookiepath = ($config->getValue('session.phpsession.limitedpath', FALSE) ? '/' . $config->getValue('baseurlpath') : '/');
+			session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS());
+			
+			$cookiename = $config->getValue('session.phpsession.cookiename', NULL);
+			if (!empty($cookiename)) session_name($cookiename);
+			
 			session_start();
 		}
 	}
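Review bot: The `session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS())` call sets the secure flag but leaves HttpOnly off, so the session cookie stays readable from script; if the project's baseline is PHP 5.2 or later the fifth argument can carry it: `session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS(), TRUE);`. The path expression `'/' . $config->getValue('baseurlpath')` presumably assumes `baseurlpath` has no leading slash, otherwise the cookie path would start with `//` — worth a comment or a `ltrim` if that assumption is not enforced elsewhere. The enclosing method starts outside the hunk.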
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 558779468..254ea9d73 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -60,6 +60,27 @@ class SimpleSAML_Utilities {
 	
 	}
 	
+	/**
+	 * This function checks if we should set a secure cookie.
+	 *
+	 * @return TRUE if the cookie should be secure, FALSE otherwise.
+	 */
+	public static function isHTTPS() {
+
+		if(!array_key_exists('HTTPS', $_SERVER)) {
+			/* Not a https-request. */
+			return FALSE;
+		}
+
+		if($_SERVER['HTTPS'] === 'off') {
+			/* IIS with HTTPS off. */
+			return FALSE;
+		}
+
+		/* Otherwise, HTTPS will be a non-empty string. */
+		return $_SERVER['HTTPS'] !== '';
+	}
+	
 	/**
 	 * Will return https://sp.example.org/universities/ruc/baz/simplesaml/saml2/SSOService.php
 	 */
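Review bot: The docblock of `isHTTPS()` says it decides whether the cookie should be secure, but the body consults only `$_SERVER['HTTPS']`, so in a deployment where TLS is terminated in front of the web server and that variable is never set, the function returns FALSE and the session cookie configured in `SessionHandlerPHP.php` is sent without the secure flag. That limitation should be stated where operators will see it; I would add to the docblock `* Relies solely on $_SERVER['HTTPS']. Behind a TLS-terminating proxy that does not` and `* set it this returns FALSE and the session cookie is sent without the secure flag.`. The `=== 'off'` comparison is also case-sensitive, which is fine if servers always emit lowercase, but the comment `/* IIS with HTTPS off. */` could say that this is the only spelling handled.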
-- 
GitLab