Session token expiration value ignored in the request

[alexvanin]

Session tokens are attached to requests in RequestMetaHeader by the clients. This token should contain correct owner ID, public key, and token ID. However there is also lifetime field which is most probably ignored. Lifetime expiration is stored in session token copy on storage node, but it is ignored in request.

E.g. when pool sends request, it ignores lifetime but it works fine.

// https://github.com/nspcc-dev/neofs-sdk-go/blob/b6abb02acec4d081f6a2c2abf0f845dd350fd749/pool/pool.go#L1002
func sessionTokenForOwner(id *owner.ID, cliRes *client.CreateSessionRes) *session.Token {
	st := session.NewToken()
	st.SetOwnerID(id)
	st.SetID(cliRes.ID())
	st.SetSessionKey(cliRes.PublicKey())

	return st
}

Is it okay? It seems like a bug, but expiration still checked in session token storage.

[fyrchik]

Expiration in token storage affects how long we should store the key, i.e. session lifetime.
At the same time one could create some tokens with a different lifetime but the same session key. In this case I would expect them to stop working after the expiration epoch.