From c5c38ba03045837f832fd2da3eaf6000e61f6a76 Mon Sep 17 00:00:00 2001
From: r-a-y <r-a-y@gmx.com>
Date: Mon, 12 Oct 2020 17:39:20 -0700
Subject: [PATCH] Use the current session token when setting the auth cookies.

Fixes issue when logging out from the mapped domain.

Fixes #14.
---
 sso.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sso.php b/sso.php
index 74fcdca..77cfbfe 100644
--- a/sso.php
+++ b/sso.php
@@ -471,6 +471,7 @@ function get_login_url( $user, $args ) {
 		'action' => ACTION_LOGIN,
 		'key'    => $key,
 		'nonce'  => create_shared_nonce( 'mercator-sso-login|' . $key ),
+		'token'  => wp_get_session_token(),
 	);
 	$admin_url = get_admin_url( $args['site'], 'admin-ajax.php', 'relative' );
 	$admin_url = add_query_arg( urlencode_deep( $url_args ), $admin_url );
@@ -554,7 +555,7 @@ function handle_login_response() {
 	}
 
 	wp_set_current_user( $token['user'] );
-	wp_set_auth_cookie( $token['user'], true );
+	wp_set_auth_cookie( $token['user'], true, '', $args['token'] );
 
 	// Logged in, return to sender.
 	wp_redirect( $token['back'] );