added better and missing wording on CSRF expiry

Author: Schlaefer

src/Controller/Component/CsrfComponent.php

@@ -121,14 +121,14 @@ public function implementedEvents()
      */
     protected function _setCookie(Request $request, Response $response)
     {
-        $expires = new Time($this->_config['expiry']);
+        $expiry = new Time($this->_config['expiry']);
         $value = Security::hash(Text::uuid(), 'sha1', true);
 
         $request->params['_csrfToken'] = $value;
         $response->cookie([
             'name' => $this->_config['cookieName'],
             'value' => $value,
-            'expire' => $expires->format('U'),
+            'expire' => $expiry->format('U'),
             'path' => $request->webroot,
             'secure' => $this->_config['secure'],
         ]);

tests/TestCase/Controller/Component/CsrfComponentTest.php

@@ -274,7 +274,7 @@ public function testConfigurationCookieCreate()
         $cookie = $controller->response->cookie('token');
         $this->assertNotEmpty($cookie, 'Should set a token.');
         $this->assertRegExp('/^[a-f0-9]+$/', $cookie['value'], 'Should look like a hash.');
-        $this->assertWithinRange((new Time('+1 hour'))->format('U'), $cookie['expire'], 1);
+        $this->assertWithinRange((new Time('+1 hour'))->format('U'), $cookie['expire'], 1, 'session duration.');
         $this->assertEquals('/dir/', $cookie['path'], 'session path.');
         $this->assertTrue($cookie['secure'], 'cookie security flag missing');
     }