Allow configuring cookie attributes

I decided to put this in config.php because if cookie settings were to
be stored in the database and configured via admin UI, entering
incorrect settings could cause the admin session to be destroyed,
requiring manual database intervention to fix. But it's a good prompt
for discussion as to which kind of settings belong in config.php vs the
database. Thoughts?

framework/core/src/Http/CookieFactory.php

@@ -45,7 +45,7 @@ class CookieFactory
         // Parse the forum's base URL so that we can determine the optimal cookie settings
         $url = parse_url(rtrim($this->app->url(), '/'));
 
-        $cookie = SetCookie::create($name, $value);
+        $cookie = SetCookie::create($this->getName($name), $value);
 
         // Make sure we send both the MaxAge and Expires parameters (the former
         // is not supported by all browser versions)
@@ -55,9 +55,38 @@ class CookieFactory
                 ->withExpires(time() + $maxAge);
         }
 
+        if ($domain = $this->app->config('cookie.domain')) {
+            $cookie = $cookie->withDomain($domain);
+        }
+
+        $path = $this->app->config('cookie.path', array_get($url, 'path') ?: '/');
+        $secure = $this->app->config('cookie.secure', array_get($url, 'scheme') === 'https');
+
         return $cookie
-            ->withPath(array_get($url, 'path') ?: '/')
-            ->withSecure(array_get($url, 'scheme') === 'https')
+            ->withPath($path)
+            ->withSecure($secure)
             ->withHttpOnly(true);
     }
+
+    /**
+     * Make an expired cookie instance.
+     *
+     * @param string $name
+     * @return \Dflydev\FigCookies\SetCookie
+     */
+    public function expire($name)
+    {
+        return $this->make($name)->expire();
+    }
+
+    /**
+     * Get a cookie name.
+     *
+     * @param string $name
+     * @return string
+     */
+    public function getName($name)
+    {
+        return $this->app->config('cookie.name', 'flarum').'_'.$name;
+    }
 }

framework/core/src/Http/Middleware/StartSession.php

@@ -22,13 +22,14 @@ use Zend\Stratigility\MiddlewareInterface;
 
 class StartSession implements MiddlewareInterface
 {
+    const COOKIE_NAME = 'session';
+
     /**
      * @var CookieFactory
      */
     protected $cookie;
 
     /**
-     * Rememberer constructor.
      * @param CookieFactory $cookie
      */
     public function __construct(CookieFactory $cookie)
@@ -56,7 +57,7 @@ class StartSession implements MiddlewareInterface
     {
         $session = new Session;
 
-        $session->setName('flarum_session');
+        $session->setName($this->cookie->getName(self::COOKIE_NAME));
         $session->start();
 
         if (! $session->has('csrf_token')) {
@@ -79,7 +80,7 @@ class StartSession implements MiddlewareInterface
     {
         return FigResponseCookies::set(
             $response,
-            $this->cookie->make($session->getName(), $session->getId())
+            $this->cookie->make(self::COOKIE_NAME, $session->getId())
         );
     }
 }

framework/core/src/Http/Rememberer.php

@@ -16,7 +16,7 @@ use Psr\Http\Message\ResponseInterface;
 
 class Rememberer
 {
-    protected $cookieName = 'flarum_remember';
+    const COOKIE_NAME = 'remember';
 
     /**
      * @var CookieFactory
@@ -43,7 +43,7 @@ class Rememberer
 
         return FigResponseCookies::set(
             $response,
-            $this->cookie->make($this->cookieName, $token->id, $lifetime)
+            $this->cookie->make(self::COOKIE_NAME, $token->id, $lifetime)
         );
     }
 
@@ -56,6 +56,9 @@ class Rememberer
 
     public function forget(ResponseInterface $response)
     {
-        return FigResponseCookies::expire($response, $this->cookieName);
+        return FigResponseCookies::set(
+            $response,
+            $this->cookie->expire(self::COOKIE_NAME)
+        );
     }
 }