Obey SessionMaxAge for session expiration

Set the session and cookie expiration to the mod_session SessionMaxAge expiry time, if it is shorter than the credential lifetime. Signed-off-by: Matt Rogers <mrogers@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Closes #82
author: Matt Rogers <mrogers@redhat.com> 2016-05-19 21:45:47 -0400
committer: Simo Sorce <simo@redhat.com> 2016-05-25 15:49:01 -0400
commit: 65e1bfe101f8b0183fc1bea66800558d2682544a (patch)
tree: 35c8ff58d7064ba9235ac7bdaf959f8d8117fea6
parent: 0645b2feb3c3549b67c1d64663be91655f1cbecf (diff)
download: mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.tar.gz
mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.tar.xz
mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/sessions.c b/src/sessions.c
index d99b92d..03efc89 100644
--- a/src/sessions.c
+++ b/src/sessions.c
@@ -221,7 +221,13 @@ void mag_attempt_session(struct mag_req_cfg *cfg, struct mag_conn *mc)
 
     gsessdata.established = mc->established?1:0;
     gsessdata.delegated = mc->delegated?1:0;
+
+    if (sess->expiry != 0) {
+        mc->expiration = mc->expiration < apr_time_sec(sess->expiry) ?
+                         mc->expiration : apr_time_sec(sess->expiry);
+    }
     gsessdata.expiration = mc->expiration;
+
     if (OCTET_STRING_fromString(&gsessdata.username, mc->user_name) != 0)
         goto done;
     if (OCTET_STRING_fromString(&gsessdata.gssname, mc->gss_name) != 0)
author	Matt Rogers <mrogers@redhat.com>	2016-05-19 21:45:47 -0400
committer	Simo Sorce <simo@redhat.com>	2016-05-25 15:49:01 -0400
commit	65e1bfe101f8b0183fc1bea66800558d2682544a (patch)
tree	35c8ff58d7064ba9235ac7bdaf959f8d8117fea6
parent	0645b2feb3c3549b67c1d64663be91655f1cbecf (diff)
download	mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.tar.gz mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.tar.xz mod_auth_gssapi-65e1bfe101f8b0183fc1bea66800558d2682544a.zip