Revert setting sessionMaxAge for old clients

Older clients have issues properly parsing cookies and the sessionMaxAge setting is one of those that breaks them. Comment out the setting and add a comment that explains why it is not set by default. https://pagure.io/freeipa/issue/7001 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-06-06 09:04:58 -04:00
parent 77db574cca
commit c52ca92cda
1 changed files with 4 additions and 2 deletions
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -1,5 +1,5 @@
 #
-# VERSION 26 - DO NOT REMOVE THIS LINE
+# VERSION 27 - DO NOT REMOVE THIS LINE
 #
 # This file may be overwritten on upgrades.
 #
@@ -77,7 +77,9 @@ WSGIScriptReloading Off
  Session On
  SessionCookieName ipa_session path=/ipa;httponly;secure;
  SessionHeader IPASESSION
-  SessionMaxAge 1800
+  # Uncomment the following to have shorter sessions, but beware this may break
+  # old IPA client tols that incorrectly parse cookies.
+  # SessionMaxAge 1800
  GssapiSessionKey file:/etc/httpd/alias/ipasession.key

  GssapiImpersonate On