From 8f53749b65392c5aea702030f98eb00687a44b70 Mon Sep 17 00:00:00 2001
From: zhangrentian
Date: Wed, 19 Jun 2013 11:06:55 +0800
Subject: [PATCH] tgt cookie lifetime should > maximum_session_lifetime
---
 lib/casserver/server.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb
index 3b87c012..b2b47301 100644
--- a/lib/casserver/server.rb
+++ b/lib/casserver/server.rb
@@ -459,7 +459,13 @@ def self.init_database!
 # 3.6 (ticket-granting cookie)
 tgt = generate_ticket_granting_ticket(@username, extra_attributes)
- response.set_cookie('tgt', tgt.to_s)
+ if settings.config[:maximum_session_lifetime]
+ # tgt cookie lifetime should > maximum_session_lifetime
+ tgt_expires = Time.now + settings.config[:maximum_session_lifetime] + 60
+ response.set_cookie('tgt', {:value => tgt.to_s, :expires => tgt_expires})
+ else
+ response.set_cookie('tgt', tgt.to_s)
+ end
 $LOG.debug("Ticket granting cookie '#{tgt.inspect}' granted to #{@username.inspect}")
@@ -785,4 +791,4 @@ def authenticated_username
 end
 end
 end
-end
\ No newline at end of file
+end
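Review bot: The new `:expires` branch turns the ticket-granting cookie from a browser-session cookie into a persistent one, yet the options hash sets neither `:secure` nor `:httponly`. A TGT that now sits on disk for the whole `maximum_session_lifetime` can be sent over plain HTTP and read by page script. If the server is only ever reached over HTTPS, the call could become `response.set_cookie('tgt', {:value => tgt.to_s, :expires => tgt_expires, :secure => true, :httponly => true})`, and the `else` branch deserves the same flags. The comment above the changed lines cites section 3.6 of the CAS protocol, which as far as I recall asks for the ticket-granting cookie to expire with the browser session, so it is worth documenting in the code comment that persistence is a deliberate departure and that the `+ 60` is a grace margin in seconds. The enclosing handler starts and ends outside this hunk, so whether the server also rejects an expired TGT on its own cannot be seen here.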