On Sun, Jan 25, 2015 at 8:06 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: >> ocserv[4622]: main: 121.34.241.154:50274 sending message 'auth cookie >> reply' to worker >> ocserv[4688]: worker: 121.34.241.154:50274 received auth reply message >> (value: 3) >> ocserv[4688]: worker: 121.34.241.154:50274 error receiving cookie >> authentication reply >> ocserv[4688]: worker: 121.34.241.154:50274 failed cookie authentication attempt >> Is auth cookie somehow affected by my client certificate `cn` and `unit`? > No. I believe it is a side-effect of the new session control introduced > due to radius. It seems that sessions in the security module are expired > sooner than expected, and that's why you notice that issue. I've > submitted a correction into git, but I'll need to review the whole > process sometime later. I did review it and found it overly complex. I've now simplified the session control, by having the security module check time and decide the validity of a cookie. That should handle all existing use cases (there are now tests for them), but if I missed anything let me know. regards, Nikos