From 860c7c57fe6f3da49fbe36780ddcac0695792c49 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 26 Jan 2025 10:57:11 +0000
Subject: [PATCH] auth: Correctly set session expiry time in cookies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/web/auth.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/web/auth.py b/src/web/auth.py
index 1d4c5fea..3617f6d8 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -37,7 +37,8 @@ class LoginHandler(base.KerberosAuthMixin, base.BaseHandler):
 				self.current_address, user_agent=self.user_agent)
 
 		# Send the session cookie to the browser
-		self.set_cookie("session_id", session.session_id, secure=True, expires=session.valid_until)
+		self.set_cookie("session_id", session.session_id,
+			secure=True, expires=session.expires_at)
 
 		# If there is "next" given, we redirect the user accordingly
 		next = self.get_argument("next", None)
-- 
2.47.3