From 5736b748338a6737f6c24c063b724ebdb77fb79f Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Tue, 18 Jul 2023 16:28:58 -0700
Subject: default to a session cookie instead of setting an explicit timeout,
 weird timezone/clock skew effects on server can cause firefox and other
 browsers to reject the session cookie, leading to silent login failures

---
 fs_selfservice/FS-SelfService/cgi/selfservice.cgi | 2 --
 1 file changed, 2 deletions(-)

(limited to 'fs_selfservice/FS-SelfService/cgi')

diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index 6eab11dae..b1fea7da2 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -1250,10 +1250,8 @@ sub do_template {
   $fill_in->{$_} = $access_info->{$_} foreach keys %$access_info;
 
   # update the user's authentication
-  my $timeout = $access_info->{'timeout'} || '3600';
   my $cookie = CGI::Cookie->new('-name'     => 'session',
                                 '-value'    => $session_id,
-                                '-expires'  => '+'.$timeout.'s',
                                 #'-secure'   => 1, # would be a good idea...
                                );
   if ( $name eq 'logout' ) {
-- 
cgit v1.2.1