diff options
author | Matt Rogers <mrogers@redhat.com> | 2016-05-19 21:45:47 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2016-05-25 15:49:01 -0400 |
commit | 65e1bfe101f8b0183fc1bea66800558d2682544a (patch) | |
tree | 35c8ff58d7064ba9235ac7bdaf959f8d8117fea6 | |
parent | 0645b2feb3c3549b67c1d64663be91655f1cbecf (diff) | |
download | mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.tar.gz mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.tar.xz mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.zip |
Obey SessionMaxAge for session expiration
Set the session and cookie expiration to the mod_session SessionMaxAge
expiry time, if it is shorter than the credential lifetime.
Signed-off-by: Matt Rogers <mrogers@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #82
-rw-r--r-- | src/sessions.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/sessions.c b/src/sessions.c index d99b92d..03efc89 100644 --- a/src/sessions.c +++ b/src/sessions.c @@ -221,7 +221,13 @@ void mag_attempt_session(struct mag_req_cfg *cfg, struct mag_conn *mc) gsessdata.established = mc->established?1:0; gsessdata.delegated = mc->delegated?1:0; + + if (sess->expiry != 0) { + mc->expiration = mc->expiration < apr_time_sec(sess->expiry) ? + mc->expiration : apr_time_sec(sess->expiry); + } gsessdata.expiration = mc->expiration; + if (OCTET_STRING_fromString(&gsessdata.username, mc->user_name) != 0) goto done; if (OCTET_STRING_fromString(&gsessdata.gssname, mc->gss_name) != 0) |