
Do not duplicate and overwrite parts of cookie configuration anymore

Previously, PHP's configuration directives 'session.cookie_httponly'
and 'session.cookie_secure' were always overwritten with duplicated
and separately tracked variants of each directive.
Marco
2017-10-20 22:30:16 +02:00
parent f1360dceba
commit eec450677f
2 changed files with 6 additions and 27 deletions


@@ -20,6 +20,10 @@ $ composer update delight-im/auth
* The method `logOutButKeepSession` from class `Auth` is now simply called `logOut`. Therefore, the former method `logout` is now called `logOutAndDestroySession`. With both methods, mind the capitalization of the letter “O”.
* If you previously had the second argument of the `Auth` constructor, which is named `$useHttps`, set to `true`, make sure to set the value of the `session.cookie_secure` directive to `1` now. You may do so either directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. Otherwise, make sure it is set to `0`.
* If you previously had the third argument of the `Auth` constructor, which is named `$allowCookiesScriptAccess`, set to `true`, make sure to set the value of the `session.cookie_httponly` directive to `0` now. You may do so either directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. Otherwise, make sure it is set to `1`.
* Only if *both* of the following two conditions are met:
* The directive `session.cookie_domain` is set to an empty value. It may have been set directly in your [PHP configuration](http://php.net/manual/en/configuration.file.php) (`php.ini`), via the `\ini_set` method or via the `\session_set_cookie_params` method. You can check the value of that directive by executing the following statement somewhere in your application:


@@ -70,11 +70,6 @@ final class Auth extends UserManager {
// do not send session IDs in URLs
\ini_set('session.use_trans_sid', 0);
// get our cookie settings
$params = $this->createCookieSettings();
// define our new cookie settings
\session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
// start the session (requests a cookie to be written on the client)
@Session::start();
}
@@ -436,8 +431,7 @@ final class Auth extends UserManager {
* @throws AuthError if an internal problem occurred (do *not* catch)
*/
private function setRememberCookie($selector, $token, $expires) {
// get our cookie settings
$params = $this->createCookieSettings();
$params = \session_get_cookie_params();
if (isset($selector) && isset($token)) {
$content = $selector . self::COOKIE_CONTENT_SEPARATOR . $token;
@@ -524,8 +518,7 @@ final class Auth extends UserManager {
* @throws AuthError if an internal problem occurred (do *not* catch)
*/
private function deleteSessionCookie() {
// get our cookie settings
$params = $this->createCookieSettings();
$params = \session_get_cookie_params();
// ask for the session cookie to be deleted (requests a cookie to be written on the client)
$cookie = new Cookie(\session_name());
@@ -1751,24 +1744,6 @@ final class Auth extends UserManager {
return new Administration($this->db, $this->dbTablePrefix);
}
/**
* Creates the cookie settings that will be used to create and update cookies on the client
*
* @return array the cookie settings
*/
private function createCookieSettings() {
// get the default cookie settings
$params = \session_get_cookie_params();
// check if we want to send cookies via SSL/TLS only
$params['secure'] = $params['secure'] || $this->useHttps;
// check if we want to send cookies via HTTP(S) only
$params['httponly'] = $params['httponly'] || !$this->allowCookiesScriptAccess;
// return the modified settings
return $params;
}
/**
* Creates a UUID v4 as per RFC 4122
*
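Review bot: With the `\session_set_cookie_params(...)` call dropped from the constructor in the first hunk, the Secure and HttpOnly flags on the session cookie, and on the cookies that `setRememberCookie` and `deleteSessionCookie` now derive from `\session_get_cookie_params()`, come solely from the `session.cookie_secure` and `session.cookie_httponly` directives, whose built-in PHP defaults are both off; an application that upgrades without applying the migration notes therefore silently loses HttpOnly on its authentication cookies, where the removed `createCookieSettings` forced it on unless `$allowCookiesScriptAccess` was set. If the intent is only to stop overriding explicit configuration, the constructor could still supply a safe default when the directive is unset, e.g. `if (\ini_get('session.cookie_httponly') === '') { \ini_set('session.cookie_httponly', 1); }` next to the existing `session.use_trans_sid` line, since `\ini_get` returns `'0'` for an explicit off setting and `''` for an unset one. Independently of that, the constructor docblock should state that both directives are now read from PHP configuration and that `session.cookie_secure` must be enabled on HTTPS deployments, because nothing in the class enforces it any more. The enclosing constructor starts outside the hunk.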