From b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Sun, 26 Nov 2023 08:21:33 -0800
Subject: Limit token expiration extension
---
 src/main/java/org/traccar/api/resource/SessionResource.java | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 0435f4f92..02c9837f0 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -181,6 +181,10 @@ public class SessionResource extends BaseResource {
 @POST
 public String requestToken(
 @FormParam("expiration") Date expiration) throws StorageException, GeneralSecurityException, IOException {
+ Date currentExpiration = (Date) request.getSession().getAttribute(EXPIRATION_KEY);
+ if (currentExpiration != null && currentExpiration.before(expiration)) {
+ expiration = currentExpiration;
+ }
 return tokenManager.generateToken(getUserId(), expiration);
 }
--
cgit v1.2.3
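Review bot: The added clamp in `requestToken` dereferences `expiration` without a null check. If the `expiration` form parameter is omitted while the session holds an `EXPIRATION_KEY` value, `currentExpiration.before(expiration)` throws a NullPointerException rather than capping the new token. How `tokenManager.generateToken` treats a null expiration is not visible here, so the safer reading is that a missing value must also be bounded by the session's expiration: `if (currentExpiration != null && (expiration == null || currentExpiration.before(expiration))) {`. The limit only applies when `EXPIRATION_KEY` is present on the session, and the code that sets it is outside this hunk, so it is worth confirming that every token-authenticated login path stores it.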