sec-mod: separated expiration from creation time fields

That allows setting an explicit expiration for the cookie, and
ensures that we can close a session in a way that provides
a limited time window for it to re-open. That handles AnyConnect
client compatibility; this client terminates and reconnects
using the original cookie, multiple times.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos
2017-12-09 10:56:41 +01:00
committed by Nikos Mavrogiannopoulos
parent c4a8b21aad
commit 8253cc2920
4 changed files with 31 additions and 13 deletions


@@ -75,7 +75,7 @@ typedef struct common_acct_info_st {
unsigned id;
} common_acct_info_st;
#define IS_CLIENT_ENTRY_EXPIRED_FULL(sec, e, now, clean) (e->time != -1 && (now - e->time) > (sec->config->cookie_timeout + (clean?AUTH_SLACK_TIME:0)) && e->in_use == 0)
#define IS_CLIENT_ENTRY_EXPIRED_FULL(sec, e, now, clean) (e->exptime != -1 && now >= e->exptime && e->in_use == 0)
#define IS_CLIENT_ENTRY_EXPIRED(sec, e, now) IS_CLIENT_ENTRY_EXPIRED_FULL(sec, e, now, 0)
typedef struct client_entry_st {
@@ -101,8 +101,10 @@ typedef struct client_entry_st {
uint8_t dtls_session_id[GNUTLS_MAX_SESSION_ID];
/* The time this client entry was last modified (created or closed) */
time_t time;
/* The time this client entry was created */
time_t created;
/* The time this client entry is supposed to expire */
time_t exptime;
/* the auth type associated with the user */
unsigned auth_type;