Zoltán Papp 7de3242a27 encode SessionExpiresAt as 3-state on the wire ...

Previously the `sessionExpiresAt` field on LoginResponse, SyncResponse
and ExtendAuthSessionResponse was 2-state: a valid timestamp meant
"new deadline", and nil meant "clear". That conflated two distinct
meanings — "no info in this snapshot" vs "expiry is explicitly off /
peer is not SSO-tracked" — so a Sync push that legitimately couldn't
compute the deadline (settings lookup failed) would silently clear the
client's anchor and lose the warning window.

Three states now, encoded on the same field number (no .proto schema
churn — only comments and the server-side encoder change):

  - nil pointer (field absent) → "no info"; client preserves anchor
  - &Timestamp{} (seconds=0, nanos=0) → explicit "disabled / not SSO"
    sentinel; client clears
  - valid timestamp → new absolute UTC deadline

A new encodeSessionExpiresAt helper centralises the zero/non-zero
encoding and is shared by the Sync, Login and ExtendAuthSession
builders. The Sync builder still emits nil when settings are missing.
Login and ExtendAuthSession always carry an authoritative value.

The matching client-side decoder lands on feature/session-extend.

2026-05-19 14:46:27 +02:00

..

client

add SSO session extend flow (management)

2026-05-18 23:37:02 +02:00

domain

[management] Streamline domain validation (#5211)

2026-01-29 13:51:44 +01:00

http

[proxy] feature: bring your own proxy (#5627)

2026-05-11 14:31:38 +02:00

operations

[client,management] Rewrite the SSH feature (#4015)

2025-11-17 17:10:41 +01:00

proto

encode SessionExpiresAt as 3-state on the wire

2026-05-19 14:46:27 +02:00

status

[management, reverse proxy] Add reverse proxy feature (#5291)

2026-02-13 19:37:43 +01:00