This allows protocols to save the moment when a session's authentication
(`vpninfo->cookie`) is expected to expire and no longer be useful for
The motivation is to eventually allow front-ends to know whether
reauthentication is needed, or whether they should try using a cached
- AnyConnect protocol: expiration is determined from the CONNECT
response header `X-CSTP-Session-Timeout-Remaining` (with
`X-CSTP-Session-Timeout` or `X-CSTP-Lease-Duration` as upper bounds in its
- GlobalProtect protocol: expiration is determined from the `<lifetime>` tag of
the XML config.
- Juniper Network Connect protocol: no currently known way to determine
expiration. The `DSID` cookie is a standard HTTP cookie, so perhaps its
expiration timestamp is intended for this purpose; however, I can find
no real-world case where it has an expiration timestamp set.
- None of the currently-supported protocols provide the expiration
timestamp until the connection phase, so it can't be obtained for
export by the `--authenticate` option.
Signed-off-by: Daniel Lenski <email@example.com>