REST: expire cookies

author: Schanzenbach, Martin <mschanzenbach@posteo.de> 2018-11-28 09:23:03 +0100
committer: Schanzenbach, Martin <mschanzenbach@posteo.de> 2018-11-28 09:23:03 +0100
commit: 3fc5340f4cc762d091904ee829c3bcadca452ece (patch)
tree: 67a739974f263dd449ff4c35f70ecd350bc94e6e /src/rest-plugins
parent: 6af0c6d7c6b7f915b832df2bbb907e688deaa452 (diff)
download: gnunet-3fc5340f4cc762d091904ee829c3bcadca452ece.tar.gz
gnunet-3fc5340f4cc762d091904ee829c3bcadca452ece.zip
1 files changed, 14 insertions, 2 deletions
diff --git a/src/rest-plugins/plugin_rest_openid_connect.c b/src/rest-plugins/plugin_rest_openid_connect.c
index 9325d5825..ca988387c 100644
--- a/src/rest-plugins/plugin_rest_openid_connect.c
+++ b/src/rest-plugins/plugin_rest_openid_connect.c
@@ -121,6 +121,11 @@
 #define OIDC_NONCE_KEY "nonce"
 /**
+ * OIDC cookie expiration (in seconds)
+ */
+#define OIDC_COOKIE_EXPIRATION 3
+/**
 * OIDC cookie header key
 */
 #define OIDC_COOKIE_HEADER_KEY "cookie"
@@ -1398,6 +1403,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
  struct GNUNET_TIME_Absolute *current_time;
  struct GNUNET_TIME_Absolute *last_time;
  char* cookie;
+  char* header_val;
  json_t *root;
  json_error_t error;
  json_t *identity;
@@ -1416,7 +1422,13 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
    GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
    return;
  }
-  GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
+  GNUNET_asprintf (&cookie,
+                   "Identity=%s",
+                   json_string_value (identity));
+  GNUNET_asprintf (&header_val,
+                   "%s;Max-Age=%d",
+                   cookie,
+                   OIDC_COOKIE_EXPIRATION);
  MHD_add_response_header (resp, "Set-Cookie", cookie);
  MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
  GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
@@ -1427,7 +1439,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
    current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
    *current_time = GNUNET_TIME_relative_to_absolute (
                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                     5));
+                                                                                     OIDC_COOKIE_EXPIRATION));
    last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
    if (NULL != last_time)
    {
author	Schanzenbach, Martin <mschanzenbach@posteo.de>	2018-11-28 09:23:03 +0100
committer	Schanzenbach, Martin <mschanzenbach@posteo.de>	2018-11-28 09:23:03 +0100
commit	3fc5340f4cc762d091904ee829c3bcadca452ece (patch)
tree	67a739974f263dd449ff4c35f70ecd350bc94e6e /src/rest-plugins
parent	6af0c6d7c6b7f915b832df2bbb907e688deaa452 (diff)
download	gnunet-3fc5340f4cc762d091904ee829c3bcadca452ece.tar.gz gnunet-3fc5340f4cc762d091904ee829c3bcadca452ece.zip