[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]

MacDada · fabpot · commit b6d65217916e · 2015-10-05T16:40:29.000+02:00
diff --git a/RememberMe/AbstractRememberMeServices.php b/RememberMe/AbstractRememberMeServices.php
@@ -293,7 +293,7 @@ protected function cancelCookie(Request $request)
             $this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name']));
         }
 
-        $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain']));
+        $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly']));
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -293,7 +293,7 @@ protected function cancelCookie(Request $request)`
`293`	`293`	`$this->logger->debug(sprintf('Clearing remember-me cookie "%s"', $this->options['name']));`
`294`	`294`	`}`
`295`	`295`
`296`		`- $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain']));`
	`296`	`+ $request->attributes->set(self::COOKIE_ATTR_NAME, new Cookie($this->options['name'], null, 1, $this->options['path'], $this->options['domain'], $this->options['secure'], $this->options['httponly']));`
`297`	`297`	`}`
`298`	`298`
`299`	`299`	`/**`