From d08b87b3858894154fe89350b8f6e8593172d40a Mon Sep 17 00:00:00 2001 From: Max Countryman Date: Sat, 27 Jan 2024 08:17:05 -0800 Subject: [PATCH] ensure expires session Here we manually check the configured session expiry to ensure that we account for `Expires: Session`. This follows the Django implementation. See: https://github.com/django/django/blob/9c6d7b4a678b7bbc6a1a14420f686162ba9016f5/django/contrib/sessions/middleware.py#L48-L49 --- src/service.rs | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/service.rs b/src/service.rs index cc8e62d..2791e16 100644 --- a/src/service.rs +++ b/src/service.rs @@ -30,14 +30,16 @@ struct SessionConfig { } impl SessionConfig { - fn build_cookie<'c>(&self, session_id: session::Id, expiry_age: Duration) -> Cookie<'c> { + fn build_cookie<'c>(&self, session_id: session::Id, max_age: Option) -> Cookie<'c> { let mut cookie_builder = Cookie::build((self.name.clone(), session_id.to_string())) .http_only(self.http_only) .same_site(self.same_site) .secure(self.secure) .path(self.path.clone()); - cookie_builder = cookie_builder.max_age(expiry_age); + if let Some(max_age) = max_age { + cookie_builder = cookie_builder.max_age(max_age); + } if let Some(domain) = &self.domain { cookie_builder = cookie_builder.domain(domain.clone()); @@ -169,8 +171,12 @@ where return Ok(res); }; - let expiry_age = session.expiry_age(); - let session_cookie = session_config.build_cookie(session_id, expiry_age); + let max_age = match session.expiry() { + Some(Expiry::OnSessionEnd) | None => None, + _ => Some(session.expiry_age()), + }; + + let session_cookie = session_config.build_cookie(session_id, max_age); tracing::debug!("adding session cookie"); cookies.add(session_cookie);