Skip to content
Snippets Groups Projects
Commit f2c3eadc authored by Olav Morken's avatar Olav Morken
Browse files

Session: Clamp session lifetime to session.duration. 

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3105 44740490-163a-0410-bde0-09ae8108e29a
parent 4e88423e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/SimpleSAML/Session.php
+ 5
2
View file @ f2c3eadc
......@@ -515,8 +515,11 @@ class SimpleSAML_Session {
if (!isset($data['AuthnInstant'])) {
$data['AuthnInstant'] = time();
}
if (!isset($data['Expire'])) {
$data['Expire'] = time() + $globalConfig->getInteger('session.duration', 8*60*60);
$maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8*60*60);
if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
/* Unset, or beyond our session lifetime. Clamp it to our maximum session lifetime. */
$data['Expire'] = $maxSessionExpire;
}
$this->authData[$authority] = $data;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment