From 623163348f74fc1bd019a676fa24af69dde79654 Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Fri, 3 Aug 2018 21:41:34 +0200 Subject: [PATCH 08/11] make the default max number of state cookies 7 instead of unlimited bump to 2.3.8rc1 Signed-off-by: Hans Zandbelt (cherry picked from commit 6616372af77df04a9b0b197e759790ecf3f2399a) --- ChangeLog | 5 ++++- src/config.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b6ac513..27f45be 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ -08/01/2018 + +08/03/2018 - add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies; see #331 +- make the default maximum number of parallel state cookies 7 instead of unlimited; see #331 +- bump o 2.3.8rc1 07/06/2018 - abort when string length for remote user name substitution is larger than 255 characters diff --git a/src/config.c b/src/config.c index c793818..6fa6227 100644 --- a/src/config.c +++ b/src/config.c @@ -105,7 +105,7 @@ /* timeout in seconds after which state expires */ #define OIDC_DEFAULT_STATE_TIMEOUT 300 /* maximum number of parallel state cookies; 0 means unlimited, until the browser or server gives up */ -#define OIDC_DEFAULT_MAX_NUMBER_OF_STATE_COOKIES 0 +#define OIDC_DEFAULT_MAX_NUMBER_OF_STATE_COOKIES 7 /* default session inactivity timeout */ #define OIDC_DEFAULT_SESSION_INACTIVITY_TIMEOUT 300 /* default session max duration */ -- 2.26.2