Add ability to set cookie expiry time #22

Open: wants to merge 3 commits into base: main
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -216,6 +216,11 @@ MellonDiagnosticsEnable Off
# Default: /
MellonCookiePath /

# MellonCookieExpires seconds into the future the cookie will expire
# the date will be now() + MellonCookieExpires
# Default: Unset (Browser Session)
# MellonCookieExpires 86400

# MellonCookieSameSite allows control over the SameSite value used
# for the authentication cookie.
# The setting accepts values of "Strict", "Lax", or "None".
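
Review bot: the README comment for MellonCookieExpires does not state the accepted range or how the value relates to the session lifetime. The code treats any value above -1 as set, so say what 0 does, and note that the cookie lifetime is independent of `MellonSessionLength`, so the cookie can expire before the session or outlive it. The first line would also read more clearly as "MellonCookieExpires sets the number of seconds until the cookie expires".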
3 changes: 3 additions & 0 deletions auth_mellon.h
Expand Up @@ -276,6 +276,9 @@ typedef struct am_dir_cfg_rec {
/* Maximum number of seconds a session is valid for. */
int session_length;

/* When cookie expires */
int cookie_expires;

/* No cookie error page. */
const char *no_cookie_error_page;
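
Review bot: the field comment "When cookie expires" reads like an absolute time, but cookie_expires holds a number of seconds relative to now, with -1 meaning unset. Suggest wording it like the session_length comment above, for example "Number of seconds until the cookie expires; -1 means a browser-session cookie."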

13 changes: 13 additions & 0 deletions auth_mellon_config.c
Expand Up @@ -1549,6 +1549,14 @@ const command_rec auth_mellon_commands[] = {
"Maximum number of seconds a session will be valid for. Defaults"
" to 86400 seconds (1 day)."
),
AP_INIT_TAKE1(
"MellonCookieExpires",
ap_set_int_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_expires),
OR_AUTHCFG,
"Maximum number of seconds a cookie will be valid for"
"Defaults to browser session"
),
AP_INIT_TAKE1(
"MellonNoCookieErrorPage",
ap_set_string_slot,
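
Review bot: the two adjacent string literals in the MellonCookieExpires help text are concatenated without a separator, so the message reads "...will be valid forDefaults to browser session". End the first literal with ". " (the MellonSessionLength entry above starts its second literal with a space for the same reason). Separately, ap_set_int_slot stores any integer, so 0 and negative values pass configuration silently; a small custom setter that rejects them would surface a misconfiguration at startup.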
Expand Down Expand Up @@ -1869,6 +1877,7 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
dir->endpoint_path = default_endpoint_path;

dir->session_length = -1; /* -1 means use default. */
dir->cookie_expires = -1; /* -1 means use default. */

dir->no_cookie_error_page = NULL;
dir->no_success_error_page = NULL;
Expand Down Expand Up @@ -2052,6 +2061,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->session_length :
base_cfg->session_length);

new_cfg->cookie_expires = (add_cfg->cookie_expires != -1 ?
add_cfg->cookie_expires :
base_cfg->cookie_expires);

new_cfg->no_cookie_error_page = (add_cfg->no_cookie_error_page != NULL ?
add_cfg->no_cookie_error_page :
base_cfg->no_cookie_error_page);
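
Review bot: in the cookie_expires merge, -1 serves both as "unset" and as the only way to ask for a browser-session cookie, so a more specific directory section cannot return to the default once a parent sets MellonCookieExpires. A value such as -2 takes the add_cfg branch here and is then ignored by the `> -1` test in am_cookie_params(), which produces that override by accident. Decide whether that is intended, then document it or reject such values when the directive is parsed.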
14 changes: 12 additions & 2 deletions auth_mellon_cookie.c
Expand Up @@ -59,6 +59,8 @@ static const char *am_cookie_params(request_rec *r)
const char *cookie_domain = ap_get_server_name(r);
const char *cookie_path = "/";
const char *cookie_samesite = "";
const char *cookie_expires = "";
char rbuf[APR_RFC822_DATE_LEN + 1];
const char *env_var_value = NULL;
am_dir_cfg_rec *cfg = am_get_dir_cfg(r);

Expand Down Expand Up @@ -90,12 +92,20 @@ static const char *am_cookie_params(request_rec *r)
secure_cookie = cfg->secure;
http_only_cookie = cfg->http_only;

if ( cfg->cookie_expires > -1 ) {
apr_rfc822_date(rbuf, apr_time_now() + (APR_USEC_PER_SEC * cfg->cookie_expires));
cookie_expires = apr_psprintf(r->pool, "; Expires=%s", rbuf);
}

return apr_psprintf(r->pool,
"Version=1; Path=%s; Domain=%s%s%s%s",

"Version=1; Path=%s; Domain=%s%s%s%s%s",

cookie_path, cookie_domain,
http_only_cookie ? "; HttpOnly" : "",
secure_cookie ? "; secure" : "",
cookie_samesite);
cookie_samesite,
cfg->cookie_expires > -1 ? cookie_expires : "");
}
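
Review bot: the test `cfg->cookie_expires > -1` accepts 0, which emits an Expires equal to the current time, so the browser receives a cookie that is already expired and the session cookie is never stored. Use `> 0` here or reject 0 when the directive is parsed. The ternary in the final argument is redundant, since cookie_expires is initialised to "" and only assigned inside the same condition; passing cookie_expires directly is enough. Because am_cookie_params() output is appended to whatever the caller builds, please also check any caller that already writes its own expires attribute (for example when clearing the cookie), as the result would then carry two.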


6 changes: 4 additions & 2 deletions doc/user_guide/mellon_user_guide.adoc
Expand Up @@ -1948,8 +1948,6 @@ validity period for a Mellon session is the lesser of the
`MellonSessionLength` or the optional IdP `SessionNotOnOrAfter`
attribute if the IdP supplied it.



=== Mellon Cookie [[mellon_cookie]]

<<mellon_session>> information is communicated via a cookie. The
Expand Down Expand Up @@ -1977,6 +1975,10 @@ is found and it remains valid, Mellon immediately grants access. A
Mellon session will expire, see <<mellon_session>> for information
concerning session lifetime.

MellonCookieExpires can change how long the cookie lives. By default cookie
lives as long as browser session, but using MellonCookieExpires directive
it's possible to set cookie expiry that many seconds into the future

== Working with SAML attributes and exporting values to web apps

When you receive a SAML assertion authenticating a subject, the
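
Review bot: the added MellonCookieExpires paragraph is missing its final period and several articles ("By default cookie lives as long as browser session"), and the directive name is not in backticks the way `MellonSessionLength` is earlier in this guide. It should also state that the directive only controls the browser-side cookie lifetime, since the preceding paragraph sends readers to <<mellon_session>> for session lifetime and the two values are set independently.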