Add ability to set cookie expiry time

[JamesCullum]

This feature would be highly appreciated and I found that someone already wrote the code and had it reviewed: https://github.com/Uninett/mod_auth_mellon/pull/188

Sadly it was not merged in time.

[simo5]

@slava please rebase this on top of master (do not use merge commits)

[JamesCullum]

Until then, this is a workaround to make the cookie valid for one year.

<If "%{HTTP_COOKIE} =~ /mellon-cookie/">
	SetEnvIf Cookie "(^|;\ *)mellon-cookie=([^;\ ]+)" MellonToken=$$2
	SetEnvIf Host "(.+)" ENVHOST=$$1
	Header always set Set-Cookie "mellon-cookie=%{MellonToken}e; Version=1; Path=/; Domain=%{ENVHOST}e; Max-Age=31556952; HttpOnly; Secure"
</If>

[afu-dev]

Any news about this PR? Still waiting for the rebase that's right?

I can redo the patch in a new branch if needed.

[thijskh]

@afu-dev Would be great if you could do that!

[afu-dev]

I don't think the repository is still maintained. My comment was a few years ago 😅

If I can recall correctly, I ended up building the patch myself to use it. Then migrated to another solution.

[afu-dev]

Oh, I guess you are maintaining it now? But like I said, haven't touched the repo for +3y, I can't remember what I did to make everything work sorry 😕

[thijskh]

The project has been and currenly is under active maintenance. However it's pretty stable and most PR's relate to new features (like this one). As maintainers we do not always have a priority to work on new features that we/our employers do not use ourselves. So it may take some time to get to feature request PR's.