@@ -32,11 +32,16 @@ protected function __construct() {
3232 */
3333 if (session_id () === '' ) {
3434 $ configgetInstance ();
35-
36- $ cookiepath$ configgetBoolean ('session.phpsession.limitedpath ' , FALSE ) ? '/ ' . $ configgetBaseURL () : '/ ' );
37- $ secureFlag$ configgetBoolean ('session.cookie.secure ' , FALSE );
38- session_set_cookie_params (0 , $ cookiepathNULL , $ secureFlag
39-
35+
36+ $ params$ this getCookieParams ();
37+
38+ $ versionexplode ('. ' , PHP_VERSION );
39+ if ((int )$ version0 ] === 5 && (int )$ version1 ] < 2 ) {
40+ session_set_cookie_params ($ params'lifetime ' ], $ params'path ' ], $ params'domain ' ], $ params'secure ' ]);
41+ } else {
42+ session_set_cookie_params ($ params'lifetime ' ], $ params'path ' ], $ params'domain ' ], $ params'secure ' ], $ params'httponly ' ]);
43+ }
44+
4045 $ cookiename$ configgetString ('session.phpsession.cookiename ' , NULL );
4146 if (!empty ($ cookienamesession_name ($ cookiename
4247
@@ -114,6 +119,30 @@ public function hasSessionCookie() {
114119 return array_key_exists ($ cookieName$ _COOKIE
115120 }
116121
117- }
118122
119- ?>
123+ /**
124+ * Get the cookie parameters that should be used for session cookies.
125+ *
126+ * This function contains some adjustments from the default to provide backwards-compatibility.
127+ *
128+ * @return array
129+ * @link http://www.php.net/manual/en/function.session-get-cookie-params.php
130+ */
131+ public function getCookieParams () {
132+
133+ $ configgetInstance ();
134+
135+ $ retparent ::getCookieParams ();
136+
137+ if ($ confighasValue ('session.phpsession.limitedpath ' ) && $ confighasValue ('session.cookie.path ' )) {
138+ throw new SimpleSAML_Error_Exception ('You cannot set both the session.phpsession.limitedpath and session.cookie.path options. ' );
139+ } elseif ($ confighasValue ('session.phpsession.limitedpath ' )) {
140+ $ ret'path ' ] = $ configgetBoolean ('session.phpsession.limitedpath ' , FALSE ) ? '/ ' . $ configgetBaseURL () : '/ ' ;
141+ }
142+
143+ $ ret'httponly ' ] = $ configgetBoolean ('session.phpsession.httponly ' , FALSE );
144+
145+ return $ ret
146+ }
147+
148+ }
0 commit comments