From 7db010dd718d7a35c532fe7fef54687c593f1a60 Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Wed, 16 Aug 2023 09:42:28 +0100 Subject: [PATCH] 2.4.14.3rc6: fix continuous updating of session cookie introduced in 2.4.14.3rc5 with a0576458adc3218fcacccd1832de27900bf2f683 Signed-off-by: Hans Zandbelt --- configure.ac | 2 +- src/mod_auth_openidc.c | 11 ++--------- src/util.c | 2 +- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/configure.ac b/configure.ac index ed33bd02..1345d5ae 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([mod_auth_openidc],[2.4.14.3rc5],[hans.zandbelt@openidc.com]) +AC_INIT([mod_auth_openidc],[2.4.14.3rc6],[hans.zandbelt@openidc.com]) AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION()) diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c index e94d48b3..9839162e 100644 --- a/src/mod_auth_openidc.c +++ b/src/mod_auth_openidc.c @@ -1221,8 +1221,6 @@ static apr_byte_t oidc_refresh_claims_from_userinfo_endpoint(request_rec *r, const char *access_token = NULL; char *userinfo_jwt = NULL; - *needs_save = FALSE; - /* get the current provider info */ if (oidc_get_provider_from_session(r, cfg, session, &provider) == FALSE) { *needs_save = TRUE; @@ -1714,8 +1712,6 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg *cfg, } } - *needs_save |= rv; - /* set the user authentication HTTP header if set and required */ if ((r->user != NULL) && (authn_header != NULL)) oidc_util_hdr_in_set(r, authn_header, r->user); @@ -3966,11 +3962,8 @@ static int oidc_handle_info_request(request_rec *r, oidc_cfg *c, * side-effect is that this may refresh the access token if not already done * note that OIDCUserInfoRefreshInterval should be set to control the refresh policy */ - if (b_extend_session) { - apr_byte_t l_needs_save = FALSE; - oidc_refresh_claims_from_userinfo_endpoint(r, c, session, &l_needs_save); - needs_save |= l_needs_save; - } + if (b_extend_session) + oidc_refresh_claims_from_userinfo_endpoint(r, c, session, &needs_save); /* include the access token in the session info */ if (apr_hash_get(c->info_hook_data, OIDC_HOOK_INFO_ACCES_TOKEN, diff --git a/src/util.c b/src/util.c index bf0a4e2b..6fbd29a3 100644 --- a/src/util.c +++ b/src/util.c @@ -3205,7 +3205,7 @@ const char* oidc_util_jq_filter(request_rec *r, const char *input, apr_time_now() + apr_time_from_sec(ttl)); } - end: +end: if (parser) jv_parser_free(parser);