diff --git a/pkg/cookies/csrf.go b/pkg/cookies/csrf.go
index 6f31bc5938..0c8e1cc780 100644
--- a/pkg/cookies/csrf.go
+++ b/pkg/cookies/csrf.go
@@ -48,7 +48,6 @@ type csrf struct {
 cookieOpts *options.Cookie
 time clock.Clock
- creationTime time.Time
 }
 // csrtStateTrim will indicate the length of the state trimmed for the name of the csrf cookie
@@ -71,7 +70,6 @@ func NewCSRF(opts *options.Cookie, codeVerifier string) (CSRF, error) {
 CodeVerifier: codeVerifier,
 cookieOpts: opts,
- creationTime: time.Now(),
 }, nil
 }
@@ -178,7 +176,7 @@ func ClearExtraCsrfCookies(opts *options.Cookie, rw http.ResponseWriter, req *ht
 }
 sort.Slice(decodedCookies, func(i, j int) bool {
- return decodedCookies[i].creationTime.Before(decodedCookies[j].creationTime)
+ return decodedCookies[i].time.Now().Before(decodedCookies[j].time.Now())
 })
 numberToDelete := len(decodedCookies) - opts.CSRFPerRequestLimit
diff --git a/pkg/cookies/csrf_per_request_test.go b/pkg/cookies/csrf_per_request_test.go
index b0634bf58e..d32fdb37c5 100644
--- a/pkg/cookies/csrf_per_request_test.go
+++ b/pkg/cookies/csrf_per_request_test.go
@@ -200,17 +200,17 @@ var _ = Describe("CSRF Cookie with non-fixed name Tests", func() {
 publicCSRF1, err := NewCSRF(cookieOpts, "verifier")
 Expect(err).ToNot(HaveOccurred())
 privateCSRF1 := publicCSRF1.(*csrf)
- privateCSRF1.creationTime.Set(testNow)
+ privateCSRF1.time.Set(testNow)
 publicCSRF2, err := NewCSRF(cookieOpts, "verifier")
 Expect(err).ToNot(HaveOccurred())
 privateCSRF2 := publicCSRF2.(*csrf)
- privateCSRF2.creationTime.Set(testNow.Add(time.Minute))
+ privateCSRF2.time.Set(testNow.Add(time.Minute))
 publicCSRF3, err := NewCSRF(cookieOpts, "verifier")
 Expect(err).ToNot(HaveOccurred())
 privateCSRF3 := publicCSRF3.(*csrf)
- privateCSRF3.creationTime.Set(testNow.Add(time.Minute * 2))
+ privateCSRF3.time.Set(testNow.Add(time.Minute * 2))
 //for the test we set all the cookies on a single request, but in reality this will be multiple requests after another
 cookies := []string{}
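Review bot: In the `sort.Slice` comparator of `ClearExtraCsrfCookies`, `decodedCookies[i].time.Now()` reads a clock at comparison time instead of a timestamp fixed when the cookie was issued, so unless every decoded cookie carries a pinned clock the two calls return near-identical instants and the less function is neither stable nor related to cookie age. The `CSRFPerRequestLimit` cleanup that follows may then not remove the oldest CSRF cookies, and could drop the one belonging to the login still in flight. The test hunk in `csrf_per_request_test.go` passes because it pins each clock with `privateCSRF1.time.Set(testNow)` and so on, which presumably does not happen for cookies decoded from a real request; that should be confirmed against the decode path, which is outside this diff. I would sort on a creation timestamp captured once in `NewCSRF` and serialized with the cookie payload, for example `return decodedCookies[i].createdAt.Before(decodedCookies[j].createdAt)` where `createdAt` is a new field named here only for illustration. The body of `ClearExtraCsrfCookies` starts before and continues after this hunk.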