Fixes to show session expiration only once

app/classes/session.php

@@ -108,6 +108,9 @@ class Session {
 
         // Start fresh session
         self::startSession();
+
+        // Reset session timeout flag
+        unset($_SESSION['session_timeout_shown']);
     }
 
     /**

app/includes/session_middleware.php

@@ -16,8 +16,10 @@ function applySessionMiddleware($config, $app_root, $isTest = false) {
     // Check session validity
     if (!Session::isValidSession()) {
         // Only show session timeout message if there was an active session
-        if (isset($_SESSION['LAST_ACTIVITY'])) {
+        // and we haven't shown it yet
+        if (isset($_SESSION['LAST_ACTIVITY']) && !isset($_SESSION['session_timeout_shown'])) {
             Feedback::flash('LOGIN', 'SESSION_TIMEOUT');
+            $_SESSION['session_timeout_shown'] = true;
         }
 
         // Session invalid, clean up and redirect

app/pages/login.php

@@ -271,7 +271,7 @@ try {
 
 // Show configured login message if any
 if (!empty($config['login_message'])) {
-    echo Feedback::render('NOTICE', 'DEFAULT', $config['login_message'], false);
+    echo Feedback::render('NOTICE', 'DEFAULT', $config['login_message'], false, false, false);
 }
 
 // Get any new feedback messages

public_html/index.php

@@ -116,8 +116,11 @@ if ($validSession) {
     $currentUser = Session::getUsername();
 } else if (isset($_COOKIE['username']) && !in_array($page, $public_pages)) {
     // Cookie exists but session is invalid - redirect to login
+    if (!isset($_SESSION['session_timeout_shown'])) {
         Feedback::flash('LOGIN', 'SESSION_TIMEOUT');
-    header('Location: ' . htmlspecialchars($app_root) . '?page=login&timeout=1');
+        $_SESSION['session_timeout_shown'] = true;
+    }
+    header('Location: ' . htmlspecialchars($app_root) . '?page=login');
     exit();
 } else if (!in_array($page, $public_pages)) {
     // No valid session or cookie, and not a public page