Draft: Fix session-timeout handling. (!412) · Merge requests · OpenConnect VPN projects / ocserv

Victor Orlikowski requested to merge vjo-duke/ocserv:fix-session-timeout into master Jan 07, 2024

The current handling of session timeout uses the wrong value for comparison (checking the start of the GnuTLS session, rather than the creation of the "session" associated with the cookies used for re-connection).

With clients that use a cookie to re-connect, they can effectively stay connected "forever", so long as they continually disconnect/re-connect prior to the expiration of the session-timeout value.

This patch addresses that, by passing the correct session creation time through to the session-timeout check.

This may address: #541 (closed) #549

Checklist

Code modified for feature
Test suite updated with functionality tests
Documentation updated / NEWS entry present (for non-trivial changes)

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Jan 07, 2024 by Dimitri Papadopoulos Orfanos

Draft: Fix session-timeout handling.

Checklist

Reviewer's checklist:

Merge request reports