HTTP-Header: Lebenszeit für Session-ID-Cookie setzen gefixt

Der Name des Parameters lautet `-expires`, nicht `-expire`.

Außerdem den Timeout direkt aus `$::auth` lesen, um denselben
Standardwert zu nehmen, falls der Timeout nicht in der Konfiguration
gesetzt ist.

diff --git a/SL/Form.pm b/SL/Form.pm
index 46c52cb..b8670ca 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -382,11 +382,11 @@ sub create_http_response {
     my $session_cookie_value = $main::auth->get_session_id();
 
     if ($session_cookie_value) {
-      $session_cookie = $cgi->cookie('-name'   => $main::auth->get_session_cookie_name(),
-                                     '-value'  => $session_cookie_value,
-                                     '-path'   => $uri->path,
-                                     '-expire' => '+' . ($::lx_office_conf{authentication}->{session_timeout} // 60) . 'm',
-                                     '-secure' => $::request->is_https);
+      $session_cookie = $cgi->cookie('-name'    => $main::auth->get_session_cookie_name(),
+                                     '-value'   => $session_cookie_value,
+                                     '-path'    => $uri->path,
+                                     '-expires' => '+' . $::auth->{session_timeout} . 'm',
+                                     '-secure'  => $::request->is_https);
     }
   }