mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
d63326632b
We slice down the received cookie so that just the content that matter is preserved. Thi is ok because servers can't trust anything else anyway and will accept a cookie with the ancillary data missing. By removing variable parts like the expiry component added by mod_session or the Expiration or Max-Age metadata we keep only the part of the cookie that changes only when a new session is generated. This way when storing the cookie we actually add a new entry in the ccache only when the session actually changes, and this prevents churn on FILE based ccaches. Related https://pagure.io/freeipa/issue/6775 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>