Commit ca680333 authored by ale's avatar ale

Check the deadline independently from securecookie

parent 79c42231
......@@ -162,6 +162,11 @@ func (l *Login) fetchOrInitSession(req *http.Request) *loginSession {
if err != nil {
return new(loginSession)
// Check our own Deadline anyway (for authenticated sessions), do not
// necessarily trust the securecookie.
if !session.Deadline.IsZero() && time.Now().UTC().After(session.Deadline) {
return new(loginSession)
return session
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment