From 9bc9d9c391b0726d9b4538a79732f24f7d974443 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <msapiro@value.net>
Date: Mon, 25 Apr 2011 15:40:16 -0700
Subject: A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been
 added. If this is set to a non-zero value, web authentication cookies will
 expire that many seconds following their last use.  Its default value is zero
 to preserve current behavior.

---
 Mailman/Defaults.py.in     | 4 ++++
 Mailman/SecurityManager.py | 7 ++++++-
 NEWS                       | 5 +++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 1bf8362d..e6a0e400 100644
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -104,6 +104,10 @@ MAILMAN_SITE_LIST = 'mailman'
 # the site.  Set this value to Yes to allow site admin cookies.
 ALLOW_SITE_ADMIN_COOKIES = No
 
+# If the following is set to a non-zero value, web authentication cookies will
+# expire that many seconds following their last use.
+AUTHENTICATION_COOKIE_LIFETIME = 0
+
 # Command that is used to convert text/html parts into plain text.  This
 # should output results to standard output.  %(filename)s will contain the
 # name of the temporary file that the program should operate on.
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py
index 902c1fdd..c2f57cc4 100644
--- a/Mailman/SecurityManager.py
+++ b/Mailman/SecurityManager.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2011 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -224,6 +224,8 @@ class SecurityManager:
         for ac in authcontexts:
             ok = self.CheckCookie(ac, user)
             if ok:
+                # Refresh the cookie
+                print self.MakeCookie(ac, user)
                 return True
         # Check passwords
         ac = self.Authenticate(authcontexts, response, user)
@@ -342,6 +344,9 @@ class SecurityManager:
         now = time.time()
         if now < issued:
             return False
+        if (mm_cfg.AUTHENTICATION_COOKIE_LIFETIME and
+                issued + mm_cfg.AUTHENTICATION_COOKIE_LIFETIME < now):
+            return False
         # Calculate what the mac ought to be based on the cookie's timestamp
         # and the shared secret.
         mac = sha_new(secret + `issued`).hexdigest()
diff --git a/NEWS b/NEWS
index 6fe291f5..394d596a 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,11 @@ Here is a history of user visible changes to Mailman.
 
   New Features
 
+    - A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
+      If this is set to a non-zero value, web authentication cookies will
+      expire that many seconds following their last use.  Its default value is
+      zero to preserve current behavior.
+
     - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
       how much of the original message is included in automatic responses to
       email commands.  The default is 2 to preserve the prior behavior of
-- 
cgit v1.2.3