From 0645d18e677ad399d36d1ca23327097af2043504 Mon Sep 17 00:00:00 2001
From: axolotle <nchesnais@mailoo.org>
Date: Mon, 4 Sep 2023 16:19:07 +0200
Subject: [PATCH] add host as session cookie info

---
 src/authenticators/ldap_ynhuser.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/authenticators/ldap_ynhuser.py b/src/authenticators/ldap_ynhuser.py
index 2add68cab..331cf9e25 100644
--- a/src/authenticators/ldap_ynhuser.py
+++ b/src/authenticators/ldap_ynhuser.py
@@ -115,7 +115,7 @@ class Authenticator(BaseAuthenticator):
 
     def set_session_cookie(self, infos):
 
-        from bottle import response
+        from bottle import response, request
 
         assert isinstance(infos, dict)
 
@@ -126,7 +126,8 @@ class Authenticator(BaseAuthenticator):
             # See https://pyjwt.readthedocs.io/en/latest/usage.html#registered-claim-names
             # for explanations regarding nbf, exp
             "nbf": int(datetime.datetime.now().timestamp()),
-            "exp": int(datetime.datetime.now().timestamp()) + (7 * 24 * 3600)  # One week validity   # FIXME : does it mean the session suddenly expires after a week ? Can we somehow auto-renew it at every usage or something ?
+            "exp": int(datetime.datetime.now().timestamp()) + (7 * 24 * 3600),  # One week validity   # FIXME : does it mean the session suddenly expires after a week ? Can we somehow auto-renew it at every usage or something ?
+            "host": request.get_header('host'),
         }
         new_infos.update(infos)