util: XDG_SESSION_COOKIE is unsuitable as session ID

XDG_SESSION_COOKIE was supposed to be used for access control to the
session and should not be exposed to other users.

Replace usage of XDG_SESSION_COOKIE by XDG_SESSION_ID which is the right
choice here since it is actually a proper session ID that may be
published.

diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
index 61f980e7d99a1e61838a8779d43e04d111d1f44d..2900e3cda23cd2bbb655f74d1a6dcdd93d15776d 100644 (file)
--- a/src/pulsecore/core-util.c
+++ b/src/pulsecore/core-util.c
@@ -2758,7 +2758,8 @@ char *pa_machine_id(void) {
 char *pa_session_id(void) {
     const char *e;
 
-    if (!(e = getenv("XDG_SESSION_COOKIE")))
+    e = getenv("XDG_SESSION_ID");
+    if (!e)
         return NULL;
 
     return pa_utf8_filter(e);