From f2c3eadc9a6f9fd45f87349297d80e23f11d345d Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 24 May 2012 06:08:23 +0000
Subject: [PATCH] Session: Clamp session lifetime to session.duration.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3105 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Session.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 74390edfd..d586e5104 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -515,8 +515,11 @@ class SimpleSAML_Session {
 		if (!isset($data['AuthnInstant'])) {
 			$data['AuthnInstant'] = time();
 		}
-		if (!isset($data['Expire'])) {
-			$data['Expire'] = time() + $globalConfig->getInteger('session.duration', 8*60*60);
+
+		$maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8*60*60);
+		if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
+			/* Unset, or beyond our session lifetime. Clamp it to our maximum session lifetime. */
+			$data['Expire'] = $maxSessionExpire;
 		}
 
 		$this->authData[$authority] = $data;
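Review bot: The new guard on `$data['Expire']` bounds the value only from above and compares it without checking its type, so a caller-supplied `Expire` that is not an integer timestamp is compared under PHP's loose rules and may be stored unchanged in `$this->authData[$authority]`. If the value can come from an authentication source rather than local code (not visible in this hunk), I would reject malformed input before the clamp, e.g. `if (isset($data['Expire']) && !is_int($data['Expire'])) { throw new InvalidArgumentException('Expire must be an integer timestamp.'); }`. A value already in the past is also kept as-is; that presumably just yields an expired session, but it is worth confirming against the code that reads `Expire`. The comment could also say why the clamp exists, for instance `/* The authentication source must not extend the session beyond the local session.duration. */`. The enclosing method starts and ends outside the hunk.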
-- 
GitLab