2 files changed, 10 insertions, 1 deletions

diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 1bf8362d..e6a0e400 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -104,6 +104,10 @@ MAILMAN_SITE_LIST = 'mailman'
 # the site.  Set this value to Yes to allow site admin cookies.
 ALLOW_SITE_ADMIN_COOKIES = No
 
+# If the following is set to a non-zero value, web authentication cookies will
+# expire that many seconds following their last use.
+AUTHENTICATION_COOKIE_LIFETIME = 0
+
 # Command that is used to convert text/html parts into plain text.  This
 # should output results to standard output.  %(filename)s will contain the
 # name of the temporary file that the program should operate on.
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 902c1fdd..c2f57cc4 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2011 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -224,6 +224,8 @@ class SecurityManager:
         for ac in authcontexts:
             ok = self.CheckCookie(ac, user)
             if ok:
+                # Refresh the cookie
+                print self.MakeCookie(ac, user)
                 return True
         # Check passwords
         ac = self.Authenticate(authcontexts, response, user)
@@ -342,6 +344,9 @@ class SecurityManager:
         now = time.time()
         if now < issued:
             return False
+        if (mm_cfg.AUTHENTICATION_COOKIE_LIFETIME and
+                issued + mm_cfg.AUTHENTICATION_COOKIE_LIFETIME < now):
+            return False
         # Calculate what the mac ought to be based on the cookie's timestamp
         # and the shared secret.
         mac = sha_new(secret + `issued`).hexdigest()