Merge pull request #31 from ASCWebServices/secure_cookies

Setting 'secure' and 'httponly' simplesamlphp cookie flags

config/simplesamlphp/config/config.php

@@ -566,14 +566,14 @@
      * through https. If the user can access the service through
      * both http and https, this must be set to FALSE.
      */
-    'session.cookie.secure' => false,
+    'session.cookie.secure' => TRUE,
 
     /*
      * Options to override the default settings for php sessions.
      */
     'session.phpsession.cookiename' => 'SimpleSAML',
     'session.phpsession.savepath' => null,
-    'session.phpsession.httponly' => true,
+    'session.phpsession.httponly' => TRUE,
 
     /*
      * Option to override the default settings for the auth token cookie

vendor/simplesamlphp/simplesamlphp/config/config.php

@@ -566,14 +566,14 @@
      * through https. If the user can access the service through
      * both http and https, this must be set to FALSE.
      */
-    'session.cookie.secure' => false,
+    'session.cookie.secure' => TRUE,
 
     /*
      * Options to override the default settings for php sessions.
      */
     'session.phpsession.cookiename' => 'SimpleSAML',
     'session.phpsession.savepath' => null,
-    'session.phpsession.httponly' => true,
+    'session.phpsession.httponly' => TRUE,
 
     /*
      * Option to override the default settings for the auth token cookie