tgt cookie lifetime should > maximum_session_lifetime

[anvyzhang]

If maximum_session_lifetime was set, then tgt cookie should have a life time more than maximum_session_lifetime

[mitfik]

Hi,

As I understand we do not set any expiration time which mean that by default it should be "At end of session".
So I do not see any reason why we would like to set any. Could you provide your scenario where you need that? Or explain why you want to add that.

Thanks

[anvyzhang]

rubycas-server/lib/casserver/cas.rb:152

if settings.config[:maximum_session_lifetime] && Time.now - tgt.created_on > settings.config[:maximum_session_lifetime]

tgt stores in cookie if maximum_session_lifetime was set and cookie tgt lifetime shorter than maximum_session_lifetime then error No ticket granting ticket given. occurred. but it was not supposed to be like this since you set maximum_session_lifetime

[anvyzhang]

then what?

[mitfik]

then we will create few tests to confirm your error/scenario and then we will apply the fix. We need to make sure that it will not break anything. I will try to do it as soon as possible I will keep posting you about progress.