lib/global_session/session/v2.rb in global_session-2.0.2 vs lib/global_session/session/v2.rb in global_session-2.0.3
@@ -309,14 +309,18 @@
signed_hash = RightSupport::Crypto::SignedHash.new(
hash.reject { |k,v| ['dx', 's'].include?(k) },
:encoding=>GlobalSession::Encoding::Msgpack,
:public_key=>@directory.authorities[authority])
- signed_hash.verify!(signature, expired_at)
- #Check expiration
- unless expired_at > Time.now.utc
- raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
+ begin
+ signed_hash.verify!(signature, expired_at)
+ rescue SecurityError => e
+ if e.message =~ /expired/
+ raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
+ else
+ raise SecurityError, "Global session verification failure; suspected tampering: " + e.message
+ end
end
#Check other validity (delegate to directory)
unless @directory.valid_session?(id, expired_at)
raise GlobalSession::InvalidSession, "Global session has been invalidated"