diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 74390edfdd03a57702b4828602336005d498b10a..d586e5104bea037e2cad277add1afc70b3a4e929 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -515,8 +515,11 @@ class SimpleSAML_Session {
 if (!isset($data['AuthnInstant'])) {
 $data['AuthnInstant'] = time();
 }
- if (!isset($data['Expire'])) {
- $data['Expire'] = time() + $globalConfig->getInteger('session.duration', 8*60*60);
+
+ $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8*60*60);
+ if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
+ /* Unset, or beyond our session lifetime. Clamp it to our maximum session lifetime. */
+ $data['Expire'] = $maxSessionExpire;
 }
 
 $this->authData[$authority] = $data;
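Review bot: The new clamp only bounds `$data['Expire']` from above; a value that is already in the past, or that is not an integer at all, passes the `||` condition untouched and is stored as the authority's expiry, so the lower bound and the type remain the caller's responsibility. If callers can supply `Expire` from external input, a guard such as `if (!isset($data['Expire']) || !is_int($data['Expire']) || $data['Expire'] > $maxSessionExpire)` would make the clamp cover malformed values too, since `>` on a non-numeric string is a loose comparison; whether an already-expired value should be rejected here or left to the expiry check elsewhere is not visible in the hunk. The block comment could state the intent more precisely, e.g. `/* Never let an authority's expiry outlive the configured session.duration, regardless of what the caller supplied. */`. The enclosing method begins before and ends after this hunk.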