Hi, working on project that use cosign, I've noticed that cookie time is in milliseconds if created by java filter, while is in seconds if created by mod_cosign.so.
Here is an example generated by java filter: cosign-serv1=xWHucaNmqP9FLF-GJDB7Lft9QYTXRRIJGfo8ssL9JNuGINCB7MUANIRH3GkT+kOHNelyl1o4PAFmcEz8EeA+FwiqjA1OXh-V4Re1LOewNEUfrE-1G5DhOSthJRfk/1624979055037 and this is from mod_cosign.so: cosign-serv2=BW5qU8OSJ7e3ldPxzVbccT3BJt8bR4hy43CoaNah8ALS+IEtqCDzLYzLWR7Qb9Bier5O-Q-MTQiKRleiCcxBpRTS7wwEjnJOrwnwuc4+OdwTEg-OkYNmAaEXWVMZ/1624979069 If mod_cosign.so manages a cookie created by the java application it has unpredictable behavior due to this line: cookietime = atoi( misc ); where cookietime is an int. At the moment to work around this problem I have defined two distinct services. I've also tested this change to cosign_auth function in filters/apache2/mod_cosign.c: /* if it's a stale cookie, give out a new one */ gettimeofday( &now, NULL ); (void)strtok( my_cookie, "/" ); if (( misc = strtok( NULL, "/" )) != NULL ) { dim = strlen(misc); if (dim > 10) misc[10] = '\0'; cookietime = atoi( misc ); } if (( cookietime > 0 ) && ( now.tv_sec - cookietime ) > cfg->expiretime ) { goto redirect; } With this I can share cookie created by java application in virtualhost protected by mod_cosign.so. I haven't tested if the java filter fails by receiving a cookie created by mod_cosign.so. I would like to know if it is a choice not to be able to have services implemented with different technologies and which share the cookie. Thanks in advance [cid:image002.png@01D76D16.7ADAD9B0] [cid:image003.jpg@01D76D10.FB2CCAC0] Letizia Angela Siri Software Engineer Open Network & Platform Italtel S.p.A. Via Reiss Romoli 20019 Settimo Milanese - MI - Italy email: letiziaangela.s...@italtel.com<mailto:letiziaangela.s...@italtel.com> P: +39 0243881 - +39 0243887195 www.italtel.com<http://www.italtel.com/> [cid:image004.jpg@01D76D10.FB2CCAC0]<http://www.linkedin.com/company/italtel?trk=top_nav_home> [cid:image005.png@01D76D10.FB2CCAC0] <http://www.twitter.com/intent/follow?original_referer=http://twitter.com/goodies2Fbuttons&screen_name=italtel&source=followbutton&variant=2.0> [cid:image006.jpg@01D76D10.FB2CCAC0] <https://www.instagram.com/italtel_hq/> [cid:image007.png@01D76D10.FB2CCAC0] <http://www.youtube.com/user/ItaltelChannel>
_______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss