session-timeout issue
Description of problem:
The current handling of session timeout uses the wrong value for comparison (checking the start of the GnuTLS session, rather than the creation of the "session" associated with the cookies used for re-connection).
With clients that use a cookie to re-connect, they can effectively stay connected "forever", so long as they continually disconnect/re-connect prior to the expiration of the session-timeout value.
Expected results:
A user connected at session-timeout time should be disconnected and should not be able to use existing cookies to reconnect.