From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 26 Jan 2025 10:57:11 +0000 (+0000)
Subject: auth: Correctly set session expiry time in cookies
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=860c7c57fe6f3da49fbe36780ddcac0695792c49;p=pbs.git

auth: Correctly set session expiry time in cookies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/web/auth.py b/src/web/auth.py
index 1d4c5fea..3617f6d8 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -37,7 +37,8 @@ class LoginHandler(base.KerberosAuthMixin, base.BaseHandler):
 				self.current_address, user_agent=self.user_agent)
 
 		# Send the session cookie to the browser
-		self.set_cookie("session_id", session.session_id, secure=True, expires=session.valid_until)
+		self.set_cookie("session_id", session.session_id,
+			secure=True, expires=session.expires_at)
 
 		# If there is "next" given, we redirect the user accordingly
 		next = self.get_argument("next", None)