483b06
From f231d5ceb283723c42f6c15210c76f28324c2e15 Mon Sep 17 00:00:00 2001
483b06
From: Simo Sorce <simo@redhat.com>
483b06
Date: Tue, 6 Jun 2017 09:04:58 -0400
483b06
Subject: [PATCH] Revert setting sessionMaxAge for old clients
483b06
483b06
Older clients have issues properly parsing cookies and the sessionMaxAge
483b06
setting is one of those that breaks them.
483b06
Comment out the setting and add a comment that explains why it is not
483b06
set by default.
483b06
483b06
https://pagure.io/freeipa/issue/7001
483b06
483b06
Signed-off-by: Simo Sorce <simo@redhat.com>
483b06
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
483b06
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
483b06
---
483b06
 install/conf/ipa.conf | 6 ++++--
483b06
 1 file changed, 4 insertions(+), 2 deletions(-)
483b06
483b06
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
483b06
index a7ca5ce715e55960b8edd307cdbe41dcbd6b29ca..01bf9a4f97fc0cf197c0ad12743affa597b54911 100644
483b06
--- a/install/conf/ipa.conf
483b06
+++ b/install/conf/ipa.conf
483b06
@@ -1,5 +1,5 @@
483b06
 #
483b06
-# VERSION 26 - DO NOT REMOVE THIS LINE
483b06
+# VERSION 27 - DO NOT REMOVE THIS LINE
483b06
 #
483b06
 # This file may be overwritten on upgrades.
483b06
 #
483b06
@@ -77,7 +77,9 @@ WSGIScriptReloading Off
483b06
   Session On
483b06
   SessionCookieName ipa_session path=/ipa;httponly;secure;
483b06
   SessionHeader IPASESSION
483b06
-  SessionMaxAge 1800
483b06
+  # Uncomment the following to have shorter sessions, but beware this may break
483b06
+  # old IPA client tols that incorrectly parse cookies.
483b06
+  # SessionMaxAge 1800
483b06
   GssapiSessionKey file:/etc/httpd/alias/ipasession.key
483b06
 
483b06
   GssapiImpersonate On
483b06
-- 
483b06
2.9.4
483b06