fix: prevent nil pointer when err session retrieval fails

see https://sentry.in.nuonet.fr/share/issue/48b82c13ee3f4721bb6306b533799709/

doc/fr/references/layers/rewriter.md

@@ -60,7 +60,7 @@ Retourne `nil` si le cookie n'existe pas.
 }
 ```
 
-##### `set_cookie(ctx, cookie Cookie)`
+##### `add_cookie(ctx, cookie Cookie)`
 
 Définit un cookie sur la requête/réponse (en fonction du contexte d'utilisation).
 Voir la méthode `get_cookie()` pour voir les attributs potentiels.

internal/config/layers.go

@@ -21,6 +21,9 @@ func NewDefaultLayersConfig() LayersConfig {
 					Timeout:         NewInterpolatedDuration(10 * time.Second),
 				},
 			},
+			Sessions: AuthnLayerSessionConfig{
+				TTL: NewInterpolatedDuration(time.Hour),
+			},
 		},
 	}
 }
@@ -31,9 +34,14 @@ type QueueLayerConfig struct {
 }
 
 type AuthnLayerConfig struct {
-	Debug       InterpolatedBool     `yaml:"debug"`
-	TemplateDir InterpolatedString   `yaml:"templateDir"`
-	OIDC        AuthnOIDCLayerConfig `yaml:"oidc"`
+	Debug       InterpolatedBool        `yaml:"debug"`
+	TemplateDir InterpolatedString      `yaml:"templateDir"`
+	OIDC        AuthnOIDCLayerConfig    `yaml:"oidc"`
+	Sessions    AuthnLayerSessionConfig `yaml:"sessions"`
+}
+
+type AuthnLayerSessionConfig struct {
+	TTL *InterpolatedDuration `yaml:"ttl"`
 }
 
 type AuthnOIDCLayerConfig struct {

internal/config/redis.go

@@ -9,25 +9,35 @@ const (
 )
 
 type RedisConfig struct {
-	Adresses       InterpolatedStringSlice `yaml:"addresses"`
-	Master         InterpolatedString      `yaml:"master"`
-	ReadTimeout    InterpolatedDuration    `yaml:"readTimeout"`
-	WriteTimeout   InterpolatedDuration    `yaml:"writeTimeout"`
-	DialTimeout    InterpolatedDuration    `yaml:"dialTimeout"`
-	LockMaxRetries InterpolatedInt         `yaml:"lockMaxRetries"`
-	MaxRetries     InterpolatedInt         `yaml:"maxRetries"`
-	PingInterval   InterpolatedDuration    `yaml:"pingInterval"`
+	Adresses              InterpolatedStringSlice `yaml:"addresses"`
+	Master                InterpolatedString      `yaml:"master"`
+	ReadTimeout           InterpolatedDuration    `yaml:"readTimeout"`
+	WriteTimeout          InterpolatedDuration    `yaml:"writeTimeout"`
+	DialTimeout           InterpolatedDuration    `yaml:"dialTimeout"`
+	LockMaxRetries        InterpolatedInt         `yaml:"lockMaxRetries"`
+	RouteByLatency        InterpolatedBool        `yaml:"routeByLatency"`
+	ContextTimeoutEnabled InterpolatedBool        `yaml:"contextTimeoutEnabled"`
+	MaxRetries            InterpolatedInt         `yaml:"maxRetries"`
+	PingInterval          InterpolatedDuration    `yaml:"pingInterval"`
+	PoolSize              InterpolatedInt         `yaml:"poolSize"`
+	PoolTimeout           InterpolatedDuration    `yaml:"poolTimeout"`
+	MinIdleConns          InterpolatedInt         `yaml:"minIdleConns"`
+	MaxIdleConns          InterpolatedInt         `yaml:"maxIdleConns"`
+	ConnMaxIdleTime       InterpolatedDuration    `yaml:"connMaxIdleTime"`
+	ConnMaxLifetime       InterpolatedDuration    `yaml:"connMaxLifeTime"`
 }
 
 func NewDefaultRedisConfig() RedisConfig {
 	return RedisConfig{
-		Adresses:       InterpolatedStringSlice{"localhost:6379"},
-		Master:         "",
-		ReadTimeout:    InterpolatedDuration(30 * time.Second),
-		WriteTimeout:   InterpolatedDuration(30 * time.Second),
-		DialTimeout:    InterpolatedDuration(30 * time.Second),
-		LockMaxRetries: 10,
-		MaxRetries:     3,
-		PingInterval:   InterpolatedDuration(30 * time.Second),
+		Adresses:              InterpolatedStringSlice{"localhost:6379"},
+		Master:                "",
+		ReadTimeout:           InterpolatedDuration(30 * time.Second),
+		WriteTimeout:          InterpolatedDuration(30 * time.Second),
+		DialTimeout:           InterpolatedDuration(30 * time.Second),
+		LockMaxRetries:        10,
+		MaxRetries:            3,
+		PingInterval:          InterpolatedDuration(30 * time.Second),
+		ContextTimeoutEnabled: true,
+		RouteByLatency:        true,
 	}
 }

internal/config/sentry.go

@@ -32,7 +32,7 @@ func NewDefaultSentryConfig() SentryConfig {
 		EnableTracing:      false,
 		TracesSampleRate:   0.1,
 		ProfilesSampleRate: 0.1,
-		IgnoreErrors:       []string{"context canceled"},
+		IgnoreErrors:       []string{"context canceled", "net/http: abort"},
 		SendDefaultPII:     false,
 		ServerName:         "",
 		Environment:        "",

internal/proxy/director/layer/authn/layer.go

@@ -10,6 +10,9 @@ import (
 	"forge.cadoles.com/Cadoles/go-proxy"
 	"forge.cadoles.com/Cadoles/go-proxy/wildcard"
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
+	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/util"
+	"forge.cadoles.com/cadoles/bouncer/internal/rule"
+	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/Masterminds/sprig/v3"
 	"github.com/pkg/errors"
@@ -21,6 +24,8 @@ type Layer struct {
 	auth      Authenticator
 	debug     bool
 
+	ruleEngineCache *util.RuleEngineCache[*Vars, *LayerOptions]
+
 	templateDir string
 }
 
@@ -74,7 +79,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 				return
 			}
 
-			if err := l.applyRules(ctx, r, options, user); err != nil {
+			if err := l.applyRules(ctx, r, layer, options, user); err != nil {
 				if errors.Is(err, ErrForbidden) {
 					l.renderForbiddenPage(w, r, layer, options, user)
 					return
@@ -189,6 +194,18 @@ func NewLayer(layerType store.LayerType, auth Authenticator, funcs ...OptionFunc
 	opts := NewOptions(funcs...)
 
 	return &Layer{
+		ruleEngineCache: util.NewInMemoryRuleEngineCache[*Vars, *LayerOptions](func(options *LayerOptions) (*rule.Engine[*Vars], error) {
+			engine, err := rule.NewEngine[*Vars](
+				rule.WithRules(options.Rules...),
+				rule.WithExpr(getAuthnAPI()...),
+				ruleHTTP.WithRequestFuncs(),
+			)
+			if err != nil {
+				return nil, errors.WithStack(err)
+			}
+
+			return engine, nil
+		}),
 		layerType:   layerType,
 		auth:        auth,
 		templateDir: opts.TemplateDir,

internal/proxy/director/layer/authn/layer_options.go

@@ -28,12 +28,13 @@ func DefaultLayerOptions() LayerOptions {
 	return LayerOptions{
 		MatchURLs: []string{"*"},
 		Rules: []string{
-			"del_headers('Remote-*')",
-			"set_header('Remote-User', user.subject)",
+			"del_headers(ctx, 'Remote-*')",
+			"set_header(ctx,'Remote-User', vars.user.subject)",
 			`map(
-				toPairs(user.attrs), {
+				toPairs(vars.user.attrs), {
 					let name = replace(lower(string(get(#, 0))), '_', '-');
 					set_header(
+						ctx,
 						'Remote-User-Attr-' + name, 
 						get(#, 1)
 					) 

internal/proxy/director/layer/authn/oidc/client.go

@@ -48,7 +48,7 @@ func (c *Client) Provider() *oidc.Provider {
 func (c *Client) Authenticate(w http.ResponseWriter, r *http.Request, sess *sessions.Session, postLoginRedirectURL string) (*oidc.IDToken, error) {
 	idToken, err := c.getIDToken(r, sess)
 	if err != nil {
-		logger.Warn(r.Context(), "could not retrieve idtoken", logger.CapturedE(errors.WithStack(err)))
+		logger.Warn(r.Context(), "could not retrieve idtoken", logger.E(errors.WithStack(err)))
 
 		c.login(w, r, sess, postLoginRedirectURL)
 
@@ -69,7 +69,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
 	sess.Values[sessionKeyPostLoginRedirectURL] = postLoginRedirectURL
 
 	if err := sess.Save(r, w); err != nil {
-		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not save session"))
+		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not save session"))
 
 		return
 	}

internal/proxy/director/layer/authn/rules.go

@@ -4,8 +4,8 @@ import (
 	"context"
 	"net/http"
 
-	"forge.cadoles.com/cadoles/bouncer/internal/rule"
 	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/expr-lang/expr"
 	"github.com/pkg/errors"
 )
@@ -14,17 +14,11 @@ type Vars struct {
 	User *User `expr:"user"`
 }
 
-func (l *Layer) applyRules(ctx context.Context, r *http.Request, options *LayerOptions, user *User) error {
-	rules := options.Rules
-	if len(rules) == 0 {
-		return nil
-	}
+func (l *Layer) applyRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions, user *User) error {
+	key := string(layer.Proxy) + "-" + string(layer.Name)
+	revisionedEngine := l.ruleEngineCache.Get(key)
 
-	engine, err := rule.NewEngine[*Vars](
-		rule.WithRules(options.Rules...),
-		rule.WithExpr(getAuthnAPI()...),
-		ruleHTTP.WithRequestFuncs(),
-	)
+	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
 	if err != nil {
 		return errors.WithStack(err)
 	}

internal/proxy/director/layer/queue/queue.go

@@ -54,7 +54,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
 
 			options, err := fromStoreOptions(layer.Options, q.defaultKeepAlive)
 			if err != nil {
-				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
+				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
 				return
 			}
 
@@ -89,7 +89,7 @@ func (q *Queue) Middleware(layer *store.Layer) proxy.Middleware {
 
 			rank, err := q.adapter.Touch(ctx, queueName, sessionID)
 			if err != nil {
-				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve session rank"))
+				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not update queue session rank"))
 				return
 			}
 
@@ -142,7 +142,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
 
 	status, err := q.adapter.Status(ctx, queueName)
 	if err != nil {
-		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not retrieve queue status"))
+		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not retrieve queue status"))
 		return
 	}
 
@@ -191,7 +191,7 @@ func (q *Queue) renderQueuePage(w http.ResponseWriter, r *http.Request, queueNam
 	var buf bytes.Buffer
 
 	if err := q.tmpl.ExecuteTemplate(&buf, "queue", templateData); err != nil {
-		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not render queue page"))
+		director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not render queue page"))
 		return
 	}
 

internal/proxy/director/layer/rewriter/layer.go

@@ -16,8 +16,8 @@ import (
 const LayerType store.LayerType = "rewriter"
 
 type Layer struct {
-	requestRuleEngine  *util.RevisionedRuleEngine[*RequestVars, *LayerOptions]
-	responseRuleEngine *util.RevisionedRuleEngine[*ResponseVars, *LayerOptions]
+	requestRuleEngineCache  *util.RuleEngineCache[*RequestVars, *LayerOptions]
+	responseRuleEngineCache *util.RuleEngineCache[*ResponseVars, *LayerOptions]
 }
 
 func (l *Layer) LayerType() store.LayerType {
@@ -31,7 +31,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 
 			options, err := fromStoreOptions(layer.Options)
 			if err != nil {
-				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.New("could not parse layer options"))
+				director.HandleError(ctx, w, r, http.StatusInternalServerError, errors.Wrap(err, "could not parse layer options"))
 				return
 			}
 
@@ -42,7 +42,7 @@ func (l *Layer) Middleware(layer *store.Layer) proxy.Middleware {
 				return
 			}
 
-			if err := l.applyRequestRules(ctx, r, layer.Revision, options); err != nil {
+			if err := l.applyRequestRules(ctx, r, layer, options); err != nil {
 				var redirect *errRedirect
 				if errors.As(err, &redirect) {
 					http.Redirect(w, r, redirect.URL(), redirect.StatusCode())
@@ -76,7 +76,7 @@ func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransforme
 
 		ctx := r.Request.Context()
 
-		if err := l.applyResponseRules(ctx, r, layer.Revision, options); err != nil {
+		if err := l.applyResponseRules(ctx, r, layer, options); err != nil {
 			return errors.WithStack(err)
 		}
 
@@ -86,7 +86,7 @@ func (l *Layer) ResponseTransformer(layer *store.Layer) proxy.ResponseTransforme
 
 func New(funcs ...OptionFunc) *Layer {
 	return &Layer{
-		requestRuleEngine: util.NewRevisionedRuleEngine(func(options *LayerOptions) (*rule.Engine[*RequestVars], error) {
+		requestRuleEngineCache: util.NewInMemoryRuleEngineCache(func(options *LayerOptions) (*rule.Engine[*RequestVars], error) {
 			engine, err := rule.NewEngine[*RequestVars](
 				rule.WithRules(options.Rules.Request...),
 				ruleHTTP.WithRequestFuncs(),
@@ -98,7 +98,7 @@ func New(funcs ...OptionFunc) *Layer {
 
 			return engine, nil
 		}),
-		responseRuleEngine: util.NewRevisionedRuleEngine(func(options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
+		responseRuleEngineCache: util.NewInMemoryRuleEngineCache(func(options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
 			engine, err := rule.NewEngine[*ResponseVars](
 				rule.WithRules(options.Rules.Response...),
 				ruleHTTP.WithResponseFuncs(),

internal/proxy/director/layer/rewriter/rules.go

@@ -8,6 +8,7 @@ import (
 	"forge.cadoles.com/cadoles/bouncer/internal/proxy/director"
 	"forge.cadoles.com/cadoles/bouncer/internal/rule"
 	ruleHTTP "forge.cadoles.com/cadoles/bouncer/internal/rule/http"
+	"forge.cadoles.com/cadoles/bouncer/internal/store"
 	"github.com/pkg/errors"
 )
 
@@ -87,13 +88,13 @@ func fromRequest(r *http.Request) RequestVar {
 	}
 }
 
-func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layerRevision int, options *LayerOptions) error {
+func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layer *store.Layer, options *LayerOptions) error {
 	rules := options.Rules.Request
 	if len(rules) == 0 {
 		return nil
 	}
 
-	engine, err := l.getRequestRuleEngine(ctx, layerRevision, options)
+	engine, err := l.getRequestRuleEngine(ctx, layer, options)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -117,8 +118,11 @@ func (l *Layer) applyRequestRules(ctx context.Context, r *http.Request, layerRev
 	return nil
 }
 
-func (l *Layer) getRequestRuleEngine(ctx context.Context, layerRevision int, options *LayerOptions) (*rule.Engine[*RequestVars], error) {
-	engine, err := l.requestRuleEngine.Get(ctx, layerRevision, options)
+func (l *Layer) getRequestRuleEngine(ctx context.Context, layer *store.Layer, options *LayerOptions) (*rule.Engine[*RequestVars], error) {
+	key := string(layer.Proxy) + "-" + string(layer.Name)
+	revisionedEngine := l.requestRuleEngineCache.Get(key)
+
+	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}
@@ -145,13 +149,13 @@ type ResponseVar struct {
 	Trailer          map[string][]string `expr:"trailer"`
 }
 
-func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layerRevision int, options *LayerOptions) error {
+func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layer *store.Layer, options *LayerOptions) error {
 	rules := options.Rules.Response
 	if len(rules) == 0 {
 		return nil
 	}
 
-	engine, err := l.getResponseRuleEngine(ctx, layerRevision, options)
+	engine, err := l.getResponseRuleEngine(ctx, layer, options)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -187,8 +191,11 @@ func (l *Layer) applyResponseRules(ctx context.Context, r *http.Response, layerR
 	return nil
 }
 
-func (l *Layer) getResponseRuleEngine(ctx context.Context, layerRevision int, options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
-	engine, err := l.responseRuleEngine.Get(ctx, layerRevision, options)
+func (l *Layer) getResponseRuleEngine(ctx context.Context, layer *store.Layer, options *LayerOptions) (*rule.Engine[*ResponseVars], error) {
+	key := string(layer.Proxy) + "-" + string(layer.Name)
+	revisionedEngine := l.responseRuleEngineCache.Get(key)
+
+	engine, err := revisionedEngine.Get(ctx, layer.Revision, options)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}

internal/proxy/director/layer/util/rule_engine_cache.go

@@ -0,0 +1,28 @@
+package util
+
+import (
+	"forge.cadoles.com/cadoles/bouncer/internal/cache"
+	"forge.cadoles.com/cadoles/bouncer/internal/cache/memory"
+)
+
+type RuleEngineCache[V any, O any] struct {
+	cache   cache.Cache[string, *RevisionedRuleEngine[V, O]]
+	factory RuleEngineFactoryFunc[V, O]
+}
+
+func (c *RuleEngineCache[V, O]) Get(key string) *RevisionedRuleEngine[V, O] {
+	revisionedRuleEngine, exists := c.cache.Get(key)
+	if !exists {
+		revisionedRuleEngine = NewRevisionedRuleEngine(c.factory)
+		c.cache.Set(key, revisionedRuleEngine)
+	}
+
+	return revisionedRuleEngine
+}
+
+func NewInMemoryRuleEngineCache[V any, O any](factory RuleEngineFactoryFunc[V, O]) *RuleEngineCache[V, O] {
+	return &RuleEngineCache[V, O]{
+		factory: factory,
+		cache:   memory.NewCache[string, *RevisionedRuleEngine[V, O]](),
+	}
+}

internal/proxy/server.go

@@ -234,7 +234,7 @@ func (s *Server) handleError(w http.ResponseWriter, r *http.Request, status int,
 	err = errors.WithStack(err)
 
 	if errors.Is(err, context.Canceled) {
-		logger.Warn(r.Context(), err.Error(), logger.CapturedE(err))
+		logger.Warn(r.Context(), err.Error(), logger.E(err))
 	} else {
 		logger.Error(r.Context(), err.Error(), logger.CapturedE(err))
 	}

internal/session/options.go

@@ -10,6 +10,7 @@ import (
 type Options struct {
 	Session   sessions.Options
 	KeyPrefix string
+	TTL       time.Duration
 }
 
 type OptionFunc func(opts *Options)
@@ -25,6 +26,7 @@ func NewOptions(funcs ...OptionFunc) *Options {
 			SameSite: http.SameSiteDefaultMode,
 		},
 		KeyPrefix: "session:",
+		TTL:       time.Hour,
 	}
 
 	for _, fn := range funcs {
@@ -45,3 +47,9 @@ func WithKeyPrefix(prefix string) OptionFunc {
 		opts.KeyPrefix = prefix
 	}
 }
+
+func WithTTL(ttl time.Duration) OptionFunc {
+	return func(opts *Options) {
+		opts.TTL = ttl
+	}
+}

internal/session/store.go

@@ -31,6 +31,7 @@ type Store struct {
 	keyPrefix  string
 	keyGen     KeyGenFunc
 	serializer SessionSerializer
+	ttl        time.Duration
 }
 
 type KeyGenFunc func() (string, error)
@@ -43,6 +44,7 @@ func NewStore(adapter StoreAdapter, funcs ...OptionFunc) *Store {
 		keyPrefix:  opts.KeyPrefix,
 		keyGen:     generateRandomKey,
 		serializer: GobSerializer{},
+		ttl:        opts.TTL,
 	}
 
 	return rs
@@ -62,20 +64,21 @@ func (s *Store) New(r *http.Request, name string) (*sessions.Session, error) {
 	if err != nil {
 		return session, nil
 	}
+
 	session.ID = c.Value
 
 	err = s.load(r.Context(), session)
 	if err == nil {
 		session.IsNew = false
 	} else if !errors.Is(err, ErrNotFound) {
-		return nil, errors.WithStack(err)
+		return session, errors.WithStack(err)
 	}
 
 	return session, nil
 }
 
 func (s *Store) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error {
-	if session.Options.MaxAge <= 0 {
+	if session.Options.MaxAge < 0 {
 		if err := s.delete(r.Context(), session); err != nil {
 			return errors.WithStack(err)
 		}
@@ -120,7 +123,12 @@ func (s *Store) save(ctx context.Context, session *sessions.Session) error {
 		return errors.WithStack(err)
 	}
 
-	if err := s.adapter.Set(ctx, s.keyPrefix+session.ID, b, time.Duration(session.Options.MaxAge)*time.Second); err != nil {
+	ttl := time.Duration(session.Options.MaxAge) * time.Second
+	if s.ttl < ttl || ttl == 0 {
+		ttl = s.ttl
+	}
+
+	if err := s.adapter.Set(ctx, s.keyPrefix+session.ID, b, ttl); err != nil {
 		return errors.WithStack(err)
 	}
 

internal/setup/redis.go

@@ -38,9 +38,15 @@ func newRedisClient(conf config.RedisConfig) redis.UniversalClient {
 		ReadTimeout:           time.Duration(conf.ReadTimeout),
 		WriteTimeout:          time.Duration(conf.WriteTimeout),
 		DialTimeout:           time.Duration(conf.DialTimeout),
-		RouteByLatency:        true,
-		ContextTimeoutEnabled: true,
+		RouteByLatency:        bool(conf.RouteByLatency),
+		ContextTimeoutEnabled: bool(conf.ContextTimeoutEnabled),
 		MaxRetries:            int(conf.MaxRetries),
+		PoolSize:              int(conf.PoolSize),
+		PoolTimeout:           time.Duration(conf.PoolTimeout),
+		MinIdleConns:          int(conf.MinIdleConns),
+		MaxIdleConns:          int(conf.MaxIdleConns),
+		ConnMaxIdleTime:       time.Duration(conf.ConnMaxIdleTime),
+		ConnMaxLifetime:       time.Duration(conf.ConnMaxLifetime),
 	})
 
 	go func() {

layers/authn/templates/error.gohtml

@@ -55,6 +55,8 @@
         border-radius: 5px;
         box-shadow: 2px 2px #cccccc1c;
         color: #810000 !important;
+        max-width: 80%;
+        overflow-x: hidden;
       }
 
       .title {
@@ -81,7 +83,7 @@
       <div id="card">
         <h2 class="title">Une erreur est survenue !</h2>
         {{ if .Debug }}
-        <pre>{{ .Err }}</pre>
+        <pre style="overflow-x: auto">{{ .Err }}</pre>
         {{ end }}
         {{/* if a public base url is provided, show navigation link */}}
         {{ $oidc := ( index .Layer.Options "oidc" ) }}

misc/packaging/common/config.yml

@@ -218,6 +218,11 @@ layers:
   authn:
     # Répertoire contenant les templates
     templateDir: "/etc/bouncer/layers/authn/templates"
+    # Configuration des sessions
+    sessions:
+      # Temps de persistence sans actualisation des sessions dans le store
+      # (prévalent sur le MaxAge de la session)
+      ttl: "1h"
 
 # Configuration d'une série de proxy/layers
 # à créer par défaut par le serveur d'administration