1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-23 06:14:55 +00:00

Resuming a session from the database should have no side effects

This commit is contained in:
J. King 2017-09-24 11:22:32 -04:00
parent 1069447925
commit b7ac63b9de

View file

@ -249,15 +249,11 @@ class Database {
public function sessionResume(string $id): array { public function sessionResume(string $id): array {
$maxAge = Date::sub(Arsse::$conf->userSessionLifetime); $maxAge = Date::sub(Arsse::$conf->userSessionLifetime);
$out = $this->db->prepare("SELECT * from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxAge)->getRow(); $out = $this->db->prepare("SELECT id,created,expires,user from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxAge)->getRow();
// if the session does not exist or is expired, throw an exception // if the session does not exist or is expired, throw an exception
if (!$out) { if (!$out) {
throw new User\ExceptionSession("invalid", $id); throw new User\ExceptionSession("invalid", $id);
} }
// otherwise populate the session user when appropriate
if (Arsse::$user) {
Arsse::$user->id = $out['user'];
}
// if we're more than half-way from the session expiring, renew it // if we're more than half-way from the session expiring, renew it
if ($this->sessionExpiringSoon(Date::normalize($out['expires'], "sql"))) { if ($this->sessionExpiringSoon(Date::normalize($out['expires'], "sql"))) {
$expires = Date::add(Arsse::$conf->userSessionTimeout); $expires = Date::add(Arsse::$conf->userSessionTimeout);