From f84bf31447d5733d26d88cdc976c8970b3789d09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=2EA=2E=20Jim=C3=A9nez?=
 <66381987+prinhelmet@users.noreply.github.com>
Date: Fri, 10 Feb 2023 14:31:06 +0100
Subject: [PATCH] Get config from Moodle to set token cookie

Check and apply the configured values of Moodle for *cookiesecure* and *cookiehttponly* on token cookie
---
 factor/token/classes/factor.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/factor/token/classes/factor.php b/factor/token/classes/factor.php
index 39c2576b..ef156dc3 100644
--- a/factor/token/classes/factor.php
+++ b/factor/token/classes/factor.php
@@ -194,7 +194,9 @@ public function post_pass_state() {
         $secretmanager->create_secret($expiry, false, $secret);
 
         // All the prep is now done, we can set this cookie.
-        setcookie($cookie, $secret, $expirytime, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, false, true);
+        $cookiesecure = 1 == get_config('core', 'cookiesecure');
+        $cookiehttponly = 1 == get_config('core', 'cookiehttponly');
+        setcookie($cookie, $secret, $expirytime, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $cookiehttponly);
 
         // Finally emit a log event for storing the cookie.
         $state = [