Setting additional cookie options (httponly, secure and domain)

Problem/Motivation

Currently, it is not possible to set additional options to drupalauth4ssp cookie (httponly, secure and domain).

Proposed resolution

The proposed solution is to get the options set in simplesamlphp config.php file.
Another solution would be getting the options from session_get_cookie_params(), but since we are dealing with saml cookies, maybe it is better to retrieve the configuration from simplesamlphp library. as the proposed solution says.

Remaining tasks

N/A

User interface changes

N/A

API changes

N/A

Data model changes

N/A

Comment	File	Size	Author
#4	drupalauth4ssp-additional-cookie-options-2917942-4-D7.patch	2.51 KB	sjerdo
#4
#2	setting_additional_cookie_options-2917942-2.patch	1.96 KB	rodrigoeg
#2

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

22 October 2017 at 18:07

rodrigoeg created an issue. See original summary.

Log in or register to post comments

Comment #2

rodrigoeg CreditAttribution: rodrigoeg at CI&T commented 22 October 2017 at 18:11

Issue summary:	View changes
Status:	Active	» Needs review

File	Size
setting_additional_cookie_options-2917942-2.patch	1.96 KB

Log in or register to post comments

dakku’s picture

Comment #3

dakku CreditAttribution: dakku as a volunteer commented 21 November 2017 at 13:41

++

Log in or register to post comments

sjerdo’s picture

Comment #4

Dutch

Haarlem

CreditAttribution: sjerdo at Synetic commented 29 September 2020 at 12:49

File	Size
drupalauth4ssp-additional-cookie-options-2917942-4-D7.patch	2.51 KB

Combined the patches in this issue and #2996561: The cookie drupalauth4ssp is not being removed when the user logout, since the latter is regression of this issue.

Log in or register to post comments