From 623163348f74fc1bd019a676fa24af69dde79654 Mon Sep 17 00:00:00 2001

From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>

Date: Fri, 3 Aug 2018 21:41:34 +0200

Subject: [PATCH 08/11] make the default max number of state cookies 7 instead

 of unlimited

bump to 2.3.8rc1

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>

(cherry picked from commit 6616372af77df04a9b0b197e759790ecf3f2399a)

---

 ChangeLog    | 5 ++++-

 src/config.c | 2 +-

 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog

index b6ac513..27f45be 100644

--- a/ChangeLog

+++ b/ChangeLog

@@ -1,5 +1,8 @@

-08/01/2018

+

+08/03/2018

 - add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies; see #331

+- make the default maximum number of parallel state cookies 7 instead of unlimited; see #331

+- bump o 2.3.8rc1

 07/06/2018

 - abort when string length for remote user name substitution is larger than 255 characters

diff --git a/src/config.c b/src/config.c

index c793818..6fa6227 100644

--- a/src/config.c

+++ b/src/config.c

@@ -105,7 +105,7 @@

 /* timeout in seconds after which state expires */

 #define OIDC_DEFAULT_STATE_TIMEOUT 300

 /* maximum number of parallel state cookies; 0 means unlimited, until the browser or server gives up */

-#define OIDC_DEFAULT_MAX_NUMBER_OF_STATE_COOKIES 0

+#define OIDC_DEFAULT_MAX_NUMBER_OF_STATE_COOKIES 7

 /* default session inactivity timeout */

 #define OIDC_DEFAULT_SESSION_INACTIVITY_TIMEOUT 300

 /* default session max duration */

-- 

2.26.2