outposts/proxy: ensure cookies only last as long as tokens

closes #1462

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-09-25 16:12:59 +02:00
parent b6b55e2336
commit 9f4a4449f5

View file

@ -18,12 +18,22 @@ func GetStore(p api.ProxyOutpostConfig) sessions.Store {
if err != nil { if err != nil {
panic(err) panic(err)
} }
if p.TokenValidity.IsSet() {
t := p.TokenValidity.Get()
// Add one to the validity to ensure we don't have a session with indefinite length
rs.Options.MaxAge = int(*t) + 1
}
rs.Options.Domain = *p.CookieDomain rs.Options.Domain = *p.CookieDomain
log.Info("using redis session backend") log.Info("using redis session backend")
store = rs store = rs
} else { } else {
cs := sessions.NewCookieStore([]byte(*p.CookieSecret)) cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
cs.Options.Domain = *p.CookieDomain cs.Options.Domain = *p.CookieDomain
if p.TokenValidity.IsSet() {
t := p.TokenValidity.Get()
// Add one to the validity to ensure we don't have a session with indefinite length
cs.Options.MaxAge = int(*t) + 1
}
log.Info("using cookie session backend") log.Info("using cookie session backend")
store = cs store = cs
} }