From 9f4a4449f5c3aac5fd8dfa5bd6352e5ea99f93e7 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 25 Sep 2021 16:12:59 +0200
Subject: [PATCH] outposts/proxy: ensure cookies only last as long as tokens closes #1462
Signed-off-by: Jens Langhammer
---
 internal/outpost/proxyv2/application/session.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/internal/outpost/proxyv2/application/session.go b/internal/outpost/proxyv2/application/session.go
index 06b8abb21..816f3550e 100644
--- a/internal/outpost/proxyv2/application/session.go
+++ b/internal/outpost/proxyv2/application/session.go
@@ -18,12 +18,22 @@ func GetStore(p api.ProxyOutpostConfig) sessions.Store {
 if err != nil {
 panic(err)
 }
+ if p.TokenValidity.IsSet() {
+ t := p.TokenValidity.Get()
+ // Add one to the validity to ensure we don't have a session with indefinite length
+ rs.Options.MaxAge = int(*t) + 1
+ }
 rs.Options.Domain = *p.CookieDomain
 log.Info("using redis session backend")
 store = rs
 } else {
 cs := sessions.NewCookieStore([]byte(*p.CookieSecret))
 cs.Options.Domain = *p.CookieDomain
+ if p.TokenValidity.IsSet() {
+ t := p.TokenValidity.Get()
+ // Add one to the validity to ensure we don't have a session with indefinite length
+ cs.Options.MaxAge = int(*t) + 1
+ }
 log.Info("using cookie session backend")
 store = cs
 }
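Review bot: In the cookie-store branch, `cs.Options.MaxAge = int(*t) + 1` only changes the Max-Age attribute sent to the browser, so the shortened lifetime is enforced by the client rather than by the server. Assuming `sessions` is gorilla/sessions, the securecookie codecs created by `NewCookieStore` keep their default 30-day timestamp check, so a cookie value retained past its Max-Age would still decode after the token validity has elapsed (and a validity above 30 days would be cut short); `cs.MaxAge(int(*t) + 1)` sets both the option and the codec limit. Separately, both added blocks dereference `*t` after checking only `IsSet()`; if `TokenValidity` is a generated nullable type, a value explicitly set to null could make `Get()` return nil, so an `if t := p.TokenValidity.Get(); t != nil {` guard would avoid a panic at store creation. GetStore begins and ends outside this hunk, so whether the session payload carries its own server-side expiry check is not visible here.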