Set expiration of cookies in Auth plugin to 3 days
Change-Id: Ib9549df50b2f931e54b4cdc83c407ca8519ac683
diff --git a/Changes b/Changes
index d7e596e..baa36e4 100755
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-0.45 2022-05-11
+0.45 2022-05-20
- Added confidential client support to OAuth. (diewald)
- Added OAuth client authorization handling. (diewald)
- Mark public clients as slightly more insecure. (diewald)
@@ -6,6 +6,8 @@
- Support plugin declarations on registration. (diewald)
- Fetch client information before grant request. (diewald)
- Enable Zooming on mobile clients. (diewald)
+ - Auth Plugin sets cookie expiration explicitely
+ to 3 days. (diewald)
0.44 2022-02-31
- Fixed autosecrets migration. (diewald)
diff --git a/lib/Kalamar/Plugin/Auth.pm b/lib/Kalamar/Plugin/Auth.pm
index dfaaad0..7e712fb 100644
--- a/lib/Kalamar/Plugin/Auth.pm
+++ b/lib/Kalamar/Plugin/Auth.pm
@@ -44,6 +44,11 @@
});
};
+ # Set session default timeout
+ for ($app->sessions) {
+ $_->default_expiration(60*60*24*3); # Session expires after 3 days of non-use
+ };
+
# Get the client id and the client_secret as a requirement
unless ($param->{client_id} && $param->{client_secret}) {
$app->log->error('client_id or client_secret not defined');
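Review bot: The added `default_expiration(60*60*24*3)` call changes the application-wide session default, and Mojolicious refreshes that timeout on every request, so the 3 days are a sliding idle window with no absolute cap on session lifetime. Mojolicious sessions are signed client-side cookies, so a copied cookie cannot be revoked individually on the server and stays usable for as long as it keeps being presented. If this plugin keeps its OAuth tokens in the session (not visible in this hunk), that deserves a comment here and a check that the `secure` flag is enabled on `$app->sessions` in HTTPS deployments. The `for ($app->sessions) { ... }` topicalizer wraps a single call and could be written as `$app->sessions->default_expiration(60*60*24*3);`, ideally with the value read from the plugin configuration instead of being hard-coded. The enclosing registration code starts and ends outside the hunk.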
@@ -487,7 +492,6 @@
# If the request already has an Authorization
# header, respect it!
if ($h->authorization) {
-
return $ua->start_p($tx);
};