diff --git a/lib/SimpleSAML/SessionHandler.php b/lib/SimpleSAML/SessionHandler.php
index ad136e904a5cb9f11227b913baef59bc5b9c6e1d..a61844ed5149f5b8604d501ff79b20f70cb95764 100644
--- a/lib/SimpleSAML/SessionHandler.php
+++ b/lib/SimpleSAML/SessionHandler.php
@@ -130,29 +130,17 @@ abstract class SimpleSAML_SessionHandler {
* @param string $name The name of the session cookie.
* @param string|NULL $value The value of the cookie. Set to NULL to delete the cookie.
*/
- public function setCookie($name, $value) {
+ public function setCookie($name, $value, array $params = NULL) {
assert('is_string($name)');
assert('is_string($value) || is_null($value)');
- $params = $this->getCookieParams();
-
- // Do not set secure cookie if not on HTTPS
- if ($params['secure'] && !SimpleSAML_Utilities::isHTTPS()) {
- SimpleSAML_Logger::warning('Setting secure cookie on http not allowed.');
- return;
- }
-
- if ($value === NULL) {
- $expire = time() - 365*24*60*60;
- } elseif ($params['lifetime'] === 0) {
- $expire = 0;
+ if ($params !== NULL) {
+ $params = array_merge($this->getCookieParams(), $params);
} else {
- $expire = time() + $params['lifetime'];;
+ $params = $this->getCookieParams();
}
- if (!setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly'])) {
- throw new SimpleSAML_Error_Exception('Error setting cookie - headers already sent.');
- }
+ SimpleSAML_Utilities::setCookie($name, $value, $params);
}
}
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 7447db632561438a76083ebde916719b3b01fc37..ad814918c9afcb41b0c9244c4442e13a05696a35 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -2354,4 +2354,64 @@ class SimpleSAML_Utilities {
return substr(strtoupper(PHP_OS),0,3) == 'WIN';
}
+
+ /**
+ * Set a cookie.
+ *
+ * @param string $name The name of the session cookie.
+ * @param string|NULL $value The value of the cookie. Set to NULL to delete the cookie.
+ * @param array|NULL $params Cookie parameters.
+ * @param bool $throw Whether to throw exception if setcookie fails.
+ */
+ public static function setCookie($name, $value, array $params = NULL, $throw = TRUE) {
+ assert('is_string($name)');
+ assert('is_string($value) || is_null($value)');
+
+ $default_params = array(
+ 'lifetime' => 0,
+ 'expire' => NULL,
+ 'path' => '/',
+ 'domain' => NULL,
+ 'secure' => FALSE,
+ 'httponly' => TRUE,
+ 'raw' => FALSE,
+ );
+
+ if ($params !== NULL) {
+ $params = array_merge($default_params, $params);
+ } else {
+ $params = $default_params;
+ }
+
+ // Do not set secure cookie if not on HTTPS
+ if ($params['secure'] && !self::isHTTPS()) {
+ SimpleSAML_Logger::warning('Setting secure cookie on http not allowed.');
+ return;
+ }
+
+ if ($value === NULL) {
+ $expire = time() - 365*24*60*60;
+ } elseif (isset($params['expire'])) {
+ $expire = $params['expire'];
+ } elseif ($params['lifetime'] === 0) {
+ $expire = 0;
+ } else {
+ $expire = time() + $params['lifetime'];
+ }
+
+ if ($params['raw']) {
+ $success = setrawcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ } else {
+ $success = setcookie($name, $value, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ }
+
+ if (!$success) {
+ if ($throw) {
+ throw new SimpleSAML_Error_Exception('Error setting cookie - headers already sent.');
+ } else {
+ SimpleSAML_Logger::warning('Error setting cookie - headers already sent.');
+ }
+ }
+ }
+
}
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index fb17ac156d26801dee68c31cc1940bbb7083f156..c0563ad2115515bd59b45d621de737cbc2bcdb91 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -190,13 +190,15 @@ class SimpleSAML_XHTML_IdPDisco {
protected function setCookie($name, $value) {
$prefixedName = 'idpdisco_' . $this->instance . '_' . $name;
- /* We save the cookies for 90 days. */
- $saveUntil = time() + 60*60*24*90;
-
- /* The base path for cookies. This should be the installation directory for simpleSAMLphp. */
- $cookiePath = '/' . $this->config->getBaseUrl();
-
- setcookie($prefixedName, $value, $saveUntil, $cookiePath);
+ $params = array(
+ /* We save the cookies for 90 days. */
+ 'lifetime' => (60*60*24*90),
+ /* The base path for cookies. This should be the installation directory for simpleSAMLphp. */
+ 'path' => ('/' . $this->config->getBaseUrl()),
+ 'httponly' => FALSE,
+ );
+
+ SimpleSAML_Utilities::setCookie($prefixedName, $value, $params, FALSE);
}
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index 9bb4759498d8b89c596468ad8f538e520bc3c049..affdfb11717a2c7e24e36f597871c469f93e81a9 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -706,17 +706,14 @@ class SimpleSAML_XHTML_Template {
}
$name = $config->getString('language.cookie.name', 'language');
- $domain = $config->getString('language.cookie.domain', NULL);
- $path = $config->getString('language.cookie.path', '/');
- $lifetime = $config->getInteger('language.cookie.lifetime', 60*60*24*900);
-
- if ($lifetime === 0) {
- $expire = 0;
- } else {
- $expire = time() + $lifetime;
- }
-
- setcookie($name, $language, $expire, $path, $domain);
+ $params = array(
+ 'lifetime' => ($config->getInteger('language.cookie.lifetime', 60*60*24*900)),
+ 'domain' => ($config->getString('language.cookie.domain', NULL)),
+ 'path' => ($config->getString('language.cookie.path', '/')),
+ 'httponly' => FALSE,
+ );
+
+ SimpleSAML_Utilities::setCookie($name, $language, $params, FALSE);
}
}
diff --git a/modules/cdc/lib/Server.php b/modules/cdc/lib/Server.php
index dfc4f5a6efefb85b2df4cf6c17036e077a0c37eb..5f7636ccc5f3f672264f327071a74acf31bc2eee 100644
--- a/modules/cdc/lib/Server.php
+++ b/modules/cdc/lib/Server.php
@@ -203,8 +203,14 @@ class sspmod_cdc_Server {
* @return array The response.
*/
private function handleDelete(array $request) {
+ $params = array(
+ 'path' => '/',
+ 'domain' => '.' . $this->domain,
+ 'secure' => TRUE,
+ 'httponly' => FALSE,
+ );
- setcookie('_saml_idp', 'DELETE', time() - 86400 , '/', '.' . $this->domain, TRUE);
+ SimpleSAML_Utilities::setCookie('_saml_idp', NULL, $params, FALSE);
return 'ok';
}
@@ -392,13 +398,15 @@ class sspmod_cdc_Server {
$cookie = $tmp[1];
}
- if ($this->cookieLifetime === 0) {
- $expire = 0;
- } else {
- $expire = time() + $this->cookieLifetime;
- }
+ $params = array(
+ 'lifetime' => $this->cookieLifetime,
+ 'path' => '/',
+ 'domain' => '.' . $this->domain,
+ 'secure' => TRUE,
+ 'httponly' => FALSE,
+ );
- setcookie('_saml_idp', $cookie, $expire, '/', '.' . $this->domain, TRUE);
+ SimpleSAML_Utilities::setCookie('_saml_idp', $cookie, $params, FALSE);
}
}
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index d0e638e945e6745103dca8dea17d629415d8c957..ba59e5c4d9b728d9204caeae554dbb582eecf923 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -266,26 +266,21 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
assert('is_string($name)');
assert('is_string($value)');
- if ($value === null) {
- $expire = 1; /* Delete by setting expiry in the past. */
- $value = '';
- } else {
- $expire = time() + 90 * 24*60*60;
- }
+ $globalConfig = SimpleSAML_Configuration::getInstance();
+ $params = array(
+ 'lifetime' => (90*24*60*60),
+ 'path' => ('/' . $globalConfig->getBaseURL()),
+ 'httponly' => FALSE,
+ );
if (SimpleSAML_Utilities::isHTTPS()) {
/* Enable secure cookie for https-requests. */
- $secure = true;
+ $params['secure'] = true;
} else {
- $secure = false;
+ $params['secure'] = false;
}
- $globalConfig = SimpleSAML_Configuration::getInstance();
- $path = '/' . $globalConfig->getBaseURL();
-
- setcookie($name, $value, $expire, $path, null, $secure);
+ SimpleSAML_Utilities::setCookie($name, $value, $params, FALSE);
}
}
-
-?>
diff --git a/modules/core/www/cleardiscochoices.php b/modules/core/www/cleardiscochoices.php
index 03456e4f68c619de791f2592aa3e8596a8bf1a57..7cf7fa03fa5e46455ccc2c44d6b1e5ab2954bedc 100644
--- a/modules/core/www/cleardiscochoices.php
+++ b/modules/core/www/cleardiscochoices.php
@@ -20,7 +20,7 @@ foreach($_COOKIE as $cookieName => $value) {
/* Delete the cookie. We delete it once without the secure flag and once with the secure flag. This
* ensures that the cookie will be deleted in any case.
*/
- setcookie($cookieName, '', time() - 24*60*60, $cookiePath);
+ SimpleSAML_Utilities::setCookie($cookieName, NULL, array('path' => $cookiePath, 'httponly' => FALSE), FALSE);
}
@@ -35,4 +35,3 @@ if(array_key_exists('ReturnTo', $_REQUEST)) {
/* Redirect to destination. */
SimpleSAML_Utilities::redirect($returnTo);
-?>
\ No newline at end of file
diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php
index 1a4e3f5ce3cb9ce7dca59efa3e5aff53e264680a..71da3aeaee7481e25c881e23a4c4bbaf737f0d98 100644
--- a/modules/core/www/loginuserpass.php
+++ b/modules/core/www/loginuserpass.php
@@ -56,7 +56,7 @@ if (!empty($_REQUEST['username']) || !empty($password)) {
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
- setcookie($source->getAuthId() . '-username', $username, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ SimpleSAML_Utilities::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
}
try {
@@ -96,5 +96,3 @@ if (isset($state['SPMetadata'])) {
$t->show();
exit();
-
-?>
\ No newline at end of file
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index ba43f9ba4142f95b5563aead735dbca28f54dfc4..cda773bfc47fffca8aa66c1070dfbb1145baa61b 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -59,7 +59,7 @@ if ($organizations === NULL || !empty($organization)) {
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
- setcookie($source->getAuthId() . '-username', $username, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ SimpleSAML_Utilities::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
}
try {
@@ -97,5 +97,3 @@ if (isset($state['SPMetadata'])) {
$t->show();
exit();
-
-?>
\ No newline at end of file
diff --git a/modules/discopower/lib/PowerIdPDisco.php b/modules/discopower/lib/PowerIdPDisco.php
index bdd4a79e87e251ea0fd66eff3c44bb4dc2bd3d9e..072e6afb3de1dc1fe2a8ce1b89fd59023951ef82 100644
--- a/modules/discopower/lib/PowerIdPDisco.php
+++ b/modules/discopower/lib/PowerIdPDisco.php
@@ -302,13 +302,13 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
$newCookie = $tmp[1];
}
- if ($this->cdcLifetime === NULL) {
- $expire = 0;
- } else {
- $expire = time() + $this->cdcLifetime;
- }
-
- setcookie('_saml_idp', $newCookie, $expire, '/', $this->cdcDomain, TRUE);
+ $params = array(
+ 'lifetime' => $this->cdcLifetime,
+ 'domain' => $this->cdcDomain,
+ 'secure' => TRUE,
+ 'httponly' => FALSE,
+ );
+ SimpleSAML_Utilities::setCookie('_saml_idp', $newCookie, $params, FALSE);
}
@@ -339,5 +339,3 @@ class sspmod_discopower_PowerIdPDisco extends SimpleSAML_XHTML_IdPDisco {
}
}
-
-?>
\ No newline at end of file
diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php
index 737eb28a1dea1c97888812f9b864660ea040b41a..2b975d4feb143cacb5a3c6bd2c81144797e1307e 100644
--- a/modules/multiauth/lib/Auth/Source/MultiAuth.php
+++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php
@@ -199,15 +199,17 @@ class sspmod_multiauth_Auth_Source_MultiAuth extends SimpleSAML_Auth_Source {
$cookieName = 'multiauth_source_' . $this->authId;
- /* We save the cookies for 90 days. */
- $saveUntil = time() + 60*60*24*90;
-
- /* The base path for cookies.
- This should be the installation directory for simpleSAMLphp. */
$config = SimpleSAML_Configuration::getInstance();
- $cookiePath = '/' . $config->getBaseUrl();
-
- setcookie($cookieName, $source, $saveUntil, $cookiePath);
+ $params = array(
+ /* We save the cookies for 90 days. */
+ 'lifetime' => (60*60*24*90),
+ /* The base path for cookies.
+ This should be the installation directory for simpleSAMLphp. */
+ 'path' => ('/' . $config->getBaseUrl()),
+ 'httponly' => FALSE,
+ );
+
+ SimpleSAML_Utilities::setCookie($cookieName, $source, $params, FALSE);
}
/**
diff --git a/modules/negotiate/www/disable.php b/modules/negotiate/www/disable.php
index 021fb7bc400313dc1478def7f58c622895d04fd5..ca8bb8d00e8819891f60efe46ce36d879a7f4f63 100644
--- a/modules/negotiate/www/disable.php
+++ b/modules/negotiate/www/disable.php
@@ -9,8 +9,14 @@
* @version $Id$
*/
+$params = array(
+ 'expire' => (mktime(0,0,0,1,1,2038)),
+ 'secure' => FALSE,
+ 'httponly' => TRUE,
+);
+SimpleSAML_Utilities::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', $params, FALSE);
+
$globalConfig = SimpleSAML_Configuration::getInstance();
-setcookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'True', mktime(0,0,0,1,1,2038), '/', SimpleSAML_Utilities::getSelfHost(), FALSE, TRUE);
$session = SimpleSAML_Session::getInstance();
$session->setData('negotiate:disable', 'session', FALSE, 24*60*60);
$t = new SimpleSAML_XHTML_Template($globalConfig, 'negotiate:disable.php');
diff --git a/modules/negotiate/www/enable.php b/modules/negotiate/www/enable.php
index 340b9dcd00b9e8118b95c6d506a323b9527eb8f5..e28bde1f91cfdd2e540373f0420af74315eb0a04 100644
--- a/modules/negotiate/www/enable.php
+++ b/modules/negotiate/www/enable.php
@@ -9,8 +9,13 @@
* @version $Id$
*/
+$params = array(
+ 'secure' => FALSE,
+ 'httponly' => TRUE,
+);
+SimpleSAML_Utilities::setCookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', NULL, $params, FALSE);
+
$globalConfig = SimpleSAML_Configuration::getInstance();
-setcookie('NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT', 'False', time() - 3600, '/', SimpleSAML_Utilities::getSelfHost(), FALSE, TRUE);
$session = SimpleSAML_Session::getInstance();
$session->setData('negotiate:disable', 'session', FALSE, 24*60*60);
$t = new SimpleSAML_XHTML_Template($globalConfig, 'negotiate:enable.php');