outposts/proxy: ensure cookies only last as long as tokens

closes #1462 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 16:12:59 +02:00 · 2021-09-25 16:12:59 +02:00 · 9f4a4449f5
parent b6b55e2336
commit 9f4a4449f5
1 changed files with 10 additions and 0 deletions
--- a/internal/outpost/proxyv2/application/session.go
+++ b/internal/outpost/proxyv2/application/session.go
@ -18,12 +18,22 @@ func GetStore(p api.ProxyOutpostConfig) sessions.Store {
 		if err != nil {
 			panic(err)
 		}
+		if p.TokenValidity.IsSet() {
+			t := p.TokenValidity.Get()
+			// Add one to the validity to ensure we don't have a session with indefinite length
+			rs.Options.MaxAge = int(*t) + 1
+		}
 		rs.Options.Domain = *p.CookieDomain
 		log.Info("using redis session backend")
 		store = rs
 	} else {
 		cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
 		cs.Options.Domain = *p.CookieDomain
+		if p.TokenValidity.IsSet() {
+			t := p.TokenValidity.Get()
+			// Add one to the validity to ensure we don't have a session with indefinite length
+			cs.Options.MaxAge = int(*t) + 1
+		}
 		log.Info("using cookie session backend")
 		store = cs
 	}