Removes code duplicating with session class

app/includes/session_middleware.php

@@ -4,94 +4,29 @@
  * Session Middleware
  *
  * Validates session status and handles session timeout.
- * This middleware should be included in all protected pages.
+ * If session is invalid, redirects to login page.
  */
 
-function applySessionMiddleware($config, $app_root) {
+function applySessionMiddleware($config, $app_root, $isTest = false) {
-    $isTest = defined('PHPUNIT_RUNNING');
+    // Start session if not already started
+    if (session_status() !== PHP_SESSION_ACTIVE) {
+        Session::startSession();
+    }
 
-    // Access $_SESSION directly in test mode
+    // Check session validity
-    if (!$isTest) {
+    if (!Session::isValidSession()) {
-        // Start session if not already started
+        // Session invalid, clean up and redirect
-        if (session_status() !== PHP_SESSION_ACTIVE && !headers_sent()) {
+        Session::cleanup($config);
-            session_start([
+
-                'cookie_httponly' => 1,
+        // Flash session timeout message
-                'cookie_secure' => 1,
+        Feedback::flash('LOGIN', 'SESSION_TIMEOUT');
-                'cookie_samesite' => 'Strict',
+
-                'gc_maxlifetime' => 7200 // 2 hours
+        if (!$isTest) {
-            ]);
+            header('Location: ' . $app_root . '?page=login');
+            exit();
         }
-    }
-
-    // Check if user is logged in with all required session variables
-    if (!isset($_SESSION['user_id']) || !isset($_SESSION['username'])) {
-        cleanupSession($config, $app_root, $isTest);
         return false;
     }
 
-    // Check session timeout
-    $session_timeout = isset($_SESSION['REMEMBER_ME']) ? (30 * 24 * 60 * 60) : 7200; // 30 days or 2 hours
-    if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $session_timeout)) {
-        // Session has expired
-        cleanupSession($config, $app_root, $isTest);
-        return false;
-    }
-
-    // Update last activity time
-    $_SESSION['LAST_ACTIVITY'] = time();
-
-    // Regenerate session ID periodically (every 30 minutes)
-    if (!isset($_SESSION['CREATED'])) {
-        $_SESSION['CREATED'] = time();
-    } else if (time() - $_SESSION['CREATED'] > 1800) {
-        // Regenerate session ID and update creation time
-        if (!$isTest && !headers_sent() && session_status() === PHP_SESSION_ACTIVE) {
-            $oldData = $_SESSION;
-            session_regenerate_id(true);
-            $_SESSION = $oldData;
-            $_SESSION['CREATED'] = time();
-        }
-    }
-
     return true;
 }
-
-/**
- * Helper function to clean up session data and redirect
- */
-function cleanupSession($config, $app_root, $isTest) {
-    // Always clear session data
-    $_SESSION = array();
-
-    if (!$isTest) {
-        if (session_status() === PHP_SESSION_ACTIVE) {
-            session_unset();
-            session_destroy();
-
-            // Start a new session to prevent errors
-            if (!headers_sent()) {
-                session_start([
-                    'cookie_httponly' => 1,
-                    'cookie_secure' => 1,
-                    'cookie_samesite' => 'Strict',
-                    'gc_maxlifetime' => 7200
-                ]);
-            }
-        }
-
-        // Clear cookies
-        if (!headers_sent()) {
-            setcookie('username', '', [
-                'expires' => time() - 3600,
-                'path' => $config['folder'],
-                'domain' => $config['domain'],
-                'secure' => isset($_SERVER['HTTPS']),
-                'httponly' => true,
-                'samesite' => 'Strict'
-            ]);
-        }
-
-        header('Location: ' . $app_root . '?page=login&timeout=1');
-        exit();
-    }
-}