From 65e1bfe101f8b0183fc1bea66800558d2682544a Mon Sep 17 00:00:00 2001
From: Matt Rogers <mrogers@redhat.com>
Date: Thu, 19 May 2016 21:45:47 -0400
Subject: Obey SessionMaxAge for session expiration

Set the session and cookie expiration to the mod_session SessionMaxAge
expiry time, if it is shorter than the credential lifetime.

Signed-off-by: Matt Rogers <mrogers@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #82
---
 src/sessions.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/sessions.c b/src/sessions.c
index d99b92d..03efc89 100644
--- a/src/sessions.c
+++ b/src/sessions.c
@@ -221,7 +221,13 @@ void mag_attempt_session(struct mag_req_cfg *cfg, struct mag_conn *mc)
 
     gsessdata.established = mc->established?1:0;
     gsessdata.delegated = mc->delegated?1:0;
+
+    if (sess->expiry != 0) {
+        mc->expiration = mc->expiration < apr_time_sec(sess->expiry) ?
+                         mc->expiration : apr_time_sec(sess->expiry);
+    }
     gsessdata.expiration = mc->expiration;
+
     if (OCTET_STRING_fromString(&gsessdata.username, mc->user_name) != 0)
         goto done;
     if (OCTET_STRING_fromString(&gsessdata.gssname, mc->gss_name) != 0)
-- 
cgit