From 7f81371f55a4a28000675023ad949e217d22bea3 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Wed, 12 Sep 2018 20:05:34 +0200
Subject: [PATCH 11/11] oops: document OIDCStateMaxNumberOfCookies for release
2.3.8
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
(cherry picked from commit 406a4915d3747d4cfdc2283f287a99ba1c7b446a)
---
auth_openidc.conf | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/auth_openidc.conf b/auth_openidc.conf
index eb83c24..48dd027 100644
--- a/auth_openidc.conf
+++ b/auth_openidc.conf
@@ -446,6 +446,13 @@
# When not defined, no cookies are stripped.
#OIDCStripCookies [<cookie-name>]+
+# Specify the maximum number of state cookies i.e. the maximum number of parallel outstanding
+# authentication requests. See: https://github.com/zmartzone/mod_auth_openidc/issues/331
+# Setting this to 0 means unlimited, until the browser or server gives up which is the
+# behavior of mod_auth_openidc < 2.3.8, which did not have this configuration option.
+# When not defined, the default is 7.
+#OIDCStateMaxNumberOfCookies <number>
+
########################################################################################
#
# Session Settings (only relevant in an OpenID Connect Relying Party setup)
--
2.26.2