Fixes session management and increases time to 2 hours w/out "remember me"

main
Yasen Pramatarov 2025-04-12 16:22:41 +03:00
parent d72dd5fabc
commit 2ca1714992
2 changed files with 56 additions and 45 deletions


@ -18,57 +18,22 @@ function applySessionMiddleware($config, $app_root) {
'cookie_httponly' => 1, 'cookie_httponly' => 1,
'cookie_secure' => 1, 'cookie_secure' => 1,
'cookie_samesite' => 'Strict', 'cookie_samesite' => 'Strict',
'gc_maxlifetime' => 1440 // 24 minutes 'gc_maxlifetime' => 7200 // 2 hours
]); ]);
} }
} }
// Check if user is logged in // Check if user is logged in with all required session variables
if (!isset($_SESSION['user_id'])) { if (!isset($_SESSION['user_id']) || !isset($_SESSION['username'])) {
if (!$isTest) { cleanupSession($config, $app_root, $isTest);
header('Location: ' . $app_root . '?page=login');
exit();
}
return false; return false;
} }
// Check session timeout // Check session timeout
$session_timeout = isset($_SESSION['REMEMBER_ME']) ? (30 * 24 * 60 * 60) : 1440; // 30 days or 24 minutes $session_timeout = isset($_SESSION['REMEMBER_ME']) ? (30 * 24 * 60 * 60) : 7200; // 30 days or 2 hours
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $session_timeout)) { if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $session_timeout)) {
// Session has expired // Session has expired
$oldSessionData = $_SESSION; cleanupSession($config, $app_root, $isTest);
$_SESSION = array();
if (!$isTest && session_status() === PHP_SESSION_ACTIVE) {
session_unset();
session_destroy();
// Start a new session to prevent errors
if (!headers_sent()) {
session_start([
'cookie_httponly' => 1,
'cookie_secure' => 1,
'cookie_samesite' => 'Strict',
'gc_maxlifetime' => 1440
]);
}
}
if (!$isTest && !headers_sent()) {
setcookie('username', '', [
'expires' => time() - 3600,
'path' => $config['folder'],
'domain' => $config['domain'],
'secure' => isset($_SERVER['HTTPS']),
'httponly' => true,
'samesite' => 'Strict'
]);
}
if (!$isTest) {
header('Location: ' . $app_root . '?page=login&timeout=1');
exit();
}
return false; return false;
} }
@ -90,3 +55,43 @@ function applySessionMiddleware($config, $app_root) {
return true; return true;
} }
/**
* Helper function to clean up session data and redirect
*/
function cleanupSession($config, $app_root, $isTest) {
if (!$isTest) {
// Clear session data
$_SESSION = array();
if (session_status() === PHP_SESSION_ACTIVE) {
session_unset();
session_destroy();
// Start a new session to prevent errors
if (!headers_sent()) {
session_start([
'cookie_httponly' => 1,
'cookie_secure' => 1,
'cookie_samesite' => 'Strict',
'gc_maxlifetime' => 7200
]);
}
}
// Clear cookies
if (!headers_sent()) {
setcookie('username', '', [
'expires' => time() - 3600,
'path' => $config['folder'],
'domain' => $config['domain'],
'secure' => isset($_SERVER['HTTPS']),
'httponly' => true,
'samesite' => 'Strict'
]);
}
header('Location: ' . $app_root . '?page=login&timeout=1');
exit();
}
}
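Review bot: cleanupSession() in the second hunk always redirects to `?page=login&timeout=1`, yet the first hunk now calls it from the not-logged-in branch too, where the removed code redirected to `?page=login` without the flag, so an anonymous visitor is presented as timed out; add a parameter, `function cleanupSession($config, $app_root, $isTest, $timedOut = true) {` with `header('Location: ' . $app_root . '?page=login' . ($timedOut ? '&timeout=1' : ''));`, and call `cleanupSession($config, $app_root, $isTest, false);` from the login check. The whole body is also wrapped in `if (!$isTest)`, whereas the removed expiry code reset `$_SESSION = array()` unconditionally, so in test mode an expired session's data now survives the check; move that reset above the guard. After session_destroy() the restarted session_start() will pick up the client's existing session id from the cookie unless session.use_strict_mode is on (only the `username` cookie is cleared here), so a `session_regenerate_id(true)` after the new session_start(), or clearing the session cookie alongside `username`, would stop the expired id from being reused. Separately, `gc_maxlifetime` of 7200 still sits far below the 30-day REMEMBER_ME timeout in the first hunk, so remember-me sessions may be garbage-collected server-side after two hours of inactivity; that mismatch predates this change but is worth a comment on the session_start() options.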


@ -6,13 +6,19 @@
<ul class="menu-left"> <ul class="menu-left">
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>" class="logo-link"><div class="col-4"><img class="logo" src="<?= htmlspecialchars($app_root) ?>static/jilo-logo.png" alt="JILO"/></div></a> <a href="<?= htmlspecialchars($app_root) ?>?platform=<?= htmlspecialchars($platform_id) ?>" class="logo-link">
<div class="col-4">
<img class="logo" src="<?= htmlspecialchars($app_root) ?>static/jilo-logo.png" alt="JILO"/>
</div>
</a>
</div> </div>
</div> </div>
<li class="font-weight-light text-uppercase" style="font-size: 0.5em; color: whitesmoke; margin-right: 70px; align-content: center;">version&nbsp;<?= htmlspecialchars($config['version']) ?></li> <li class="font-weight-light text-uppercase" style="font-size: 0.5em; color: whitesmoke; margin-right: 70px; align-content: center;">
version&nbsp;<?= htmlspecialchars($config['version']) ?>
</li>
<?php if ( isset($_SESSION['username']) ) { ?> <?php if (isset($_SESSION['username']) && isset($_SESSION['user_id'])) { ?>
<?php foreach ($platformsAll as $platform) { <?php foreach ($platformsAll as $platform) {
$platform_switch_url = switchPlatform($platform['id']); $platform_switch_url = switchPlatform($platform['id']);
@ -34,7 +40,7 @@
</ul> </ul>
<ul class="menu-right"> <ul class="menu-right">
<?php if ( isset($_SESSION['username']) ) { ?> <?php if (isset($_SESSION['username']) && isset($_SESSION['user_id'])) { ?>
<li class="dropdown"> <li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"> <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">
<i class="fas fa-user"></i> <i class="fas fa-user"></i>