From 9f2017a5f9cf9e085e5a3e6de347e38eb442f281 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 28 Oct 2015 16:38:23 +0000
Subject: [PATCH] _check_divert_core: Update cookie lifetime when request is OK

The timeout should be from last load, not from login.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 TODO                 |  3 ---
 cgi-auth-flexible.pm | 12 ++++++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/TODO b/TODO
index c0ba9a1..0afd1e9 100644
--- a/TODO
+++ b/TODO
@@ -1,6 +1,3 @@
-update last in db when we return undef from check_divert
-
-
 untranslated
  GNU Affero GPL
  Source available
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index bdb96c6..21805cf 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -919,6 +919,8 @@ sub _check_divert_core ($) {
         die unless $parmt eq 'y';
         die unless $cookh eq $parmh;
     }
+    $r->_db_update_last($cooku,$parmh);
+
     $r->{ParmT} = $parmt;
     $r->{AssocRaw} = $cooks;
     $r->{UserOK} = $cooku;
@@ -1024,6 +1026,16 @@ sub _db_record_login_ok ($$$) {
 	     $h, $user, time);
 }
 
+sub _db_update_last ($$) {
+    # revokes $h if it's valid; no-op if it's not
+    my ($r,$user,$h) = @_;
+    my $dbh = $r->{Dbh};
+    $dbh->do("UPDATE $r->{S}{db_prefix}_assocs".
+             " SET last = ?".
+	     " WHERE username = ? AND assochash = ?", {},
+             time, $user, $h);
+}
+
 sub check_divert ($) {
     my ($r) = @_;
     if (exists $r->{Divert}) {
-- 
2.30.2