From 10694479254b3d5322b06e449a65aa5f0c9e165e Mon Sep 17 00:00:00 2001
From: "J. King"
Date: Sun, 24 Sep 2017 10:09:36 -0400
Subject: [PATCH] Make session cleanup more sophisticated

---
 lib/Database.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/Database.php b/lib/Database.php
index ddce4f1e..e2b72a86 100644
--- a/lib/Database.php
+++ b/lib/Database.php
@@ -248,8 +248,8 @@ class Database {
  }
 
  public function sessionResume(string $id): array {
- $maxage = Date::sub(Arsse::$conf->userSessionLifetime);
- $out = $this->db->prepare("SELECT * from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxage)->getRow();
+ $maxAge = Date::sub(Arsse::$conf->userSessionLifetime);
+ $out = $this->db->prepare("SELECT * from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxAge)->getRow();
  // if the session does not exist or is expired, throw an exception
  if (!$out) {
  throw new User\ExceptionSession("invalid", $id);
@@ -267,7 +267,8 @@ class Database {
  }
 
  public function sessionCleanup(): int {
- return $this->db->query("DELETE FROM arsse_sessions where expires < CURRENT_TIMESTAMP")->changes();
+ $maxAge = Date::sub(Arsse::$conf->userSessionLifetime);
+ return $this->db->prepare("DELETE FROM arsse_sessions where expires < CURRENT_TIMESTAMP or created < ?", "datetime")->run($maxAge)->changes();
  }
 
  protected function sessionExpiringSoon(DateTimeInterface $expiry): bool {
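Review bot: The new DELETE in sessionCleanup() is the hand-written inverse of the validity test in sessionResume() (`expires > CURRENT_TIMESTAMP and created > ?`), and nothing in either method records that the two must stay in step. If one predicate is later changed without the other, rows that can no longer be resumed would linger in arsse_sessions, or sessions that are still valid would be purged. A comment above the `$maxAge` line would pin the contract, for example `// delete sessions past their expiry or past the absolute lifetime; keep in step with the check in sessionResume()`. The cutoff is computed in PHP by Date::sub() while expiry is compared against the database's CURRENT_TIMESTAMP, so the absolute-lifetime bound presumably relies on both clocks and the "datetime" binding agreeing on timezone; that is worth confirming, since it decides how long a stale session identifier stays in the table.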