From 51de7b7aac7ed626bee3bce1c3068159e54ab95b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 24 Jun 2021 14:45:05 +0200
Subject: [locations/minilinux] Minor cleanups and fixes
---
 inc/session.inc.php | 35 +++++++++++++++++++++++------------
 1 file changed, 23 insertions(+), 12 deletions(-)
(limited to 'inc/session.inc.php')
diff --git a/inc/session.inc.php b/inc/session.inc.php
index f06cd580..fc875669 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -8,6 +8,7 @@ class Session
 private static $data = false;
 private static $dataChanged = false;
 private static $userId = 0;
+ private static $updateSessionDateline = false;
 private static function generateSessionId(string $salt)
 {
@@ -37,6 +38,7 @@ class Session
 'userid' => $userId,
 'fixedip' => $fixedAddress ? 1 : 0,
 ]);
+ self::setupSessionAccounting(true);
 }
 public static function load(): bool
@@ -48,6 +50,7 @@ class Session
 if (self::readSessionData()) return true; // Loading session data failed
+ self::$sid = false;
 return false;
 }
@@ -123,6 +126,8 @@ class Session
 if ($row['fixedip'] && $row['lastip'] !== $_SERVER['REMOTE_ADDR']) {
 return false; // Ignore but don't invalidate
 }
+ // Refresh cookie if appropriate
+ self::setupSessionAccounting(Request::isGet() && $row['dateline'] + 86400 < $now + CONFIG_SESSION_TIMEOUT);
 self::$userId = $row['userid'];
 self::$data = @json_decode($row['data'], true);
 if (!is_array(self::$data)) {
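Review bot: Clearing `self::$sid` in `load()` (hunk `@@ -48,6 +50,7 @@`) does not stop a shutdown handler that the failed read may already have registered: `setupSessionAccounting()` is called in the `@@ -123,6 +126,8 @@` hunk before the `is_array(self::$data)` check, and `saveInternal()` as shown starts building its `UPDATE` without looking at `self::$sid`. If a later path in that method can still return false (not visible here), the handler would call `Database::exec()` with `sid` bound to `false`. An early `if (self::$sid === false) return;` at the top of `saveInternal()` would make that case a no-op.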
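Review bot: The refresh test in the `@@ -123,6 +126,8 @@` hunk hard-codes `86400` and only gives a sliding expiry when `CONFIG_SESSION_TIMEOUT` is larger than one day; with a shorter timeout, and assuming validity is checked against `dateline` outside the hunk, `$row['dateline'] + 86400 < $now + CONFIG_SESSION_TIMEOUT` cannot become true while the session is still valid, so it is never extended. Because `saveInternal()` writes `dateline` as `$now + CONFIG_SESSION_TIMEOUT`, the condition reduces to "last refresh was more than a day ago"; a named constant and a comment such as `// dateline holds the expiry time; renew at most once per day, and only on GET` would make that readable. Nothing visible here caps the total lifetime, so a session that sees one GET per day appears to stay valid indefinitely; if that is not intended, an absolute limit based on the creation time is worth adding. `$now` and the rest of the enclosing method are outside the hunk.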
@@ -136,14 +141,28 @@ class Session
 }
 return true;
 }
+
+ private static function setupSessionAccounting(bool $cookie)
+ {
+ if ($cookie) {
+ self::$updateSessionDateline = true;
+ $ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT,
+ null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ if (!$ret)
+ Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ }
+ register_shutdown_function(function () {
+ Session::saveInternal();
+ });
+ }
 public static function saveInternal()
 {
 $now = time();
- $args = [
- 'dateline' => $now + CONFIG_SESSION_TIMEOUT,
- 'lastip' => $_SERVER['REMOTE_ADDR'],
- ];
+ $args = ['lastip' => $_SERVER['REMOTE_ADDR']];
+ if (self::$updateSessionDateline) {
+ $args['dateline'] = $now + CONFIG_SESSION_TIMEOUT;
+ }
 if (self::$dataChanged) {
 $args['data'] = json_encode(self::$data);
 }
@@ -152,14 +171,6 @@ class Session
 }, array_keys($args))) . " WHERE sid = :sid";
 $args['sid'] = self::$sid;
 Database::exec($query, $args);
- $ret = setcookie('sid', self::$sid, $now + CONFIG_SESSION_TIMEOUT,
- null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
- if (!$ret)
- Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 }
 }
-
-register_shutdown_function(function () {
- Session::saveInternal();
-});
-- 
cgit v1.2.3-55-g7522
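Review bot: The `sid` cookie in `setupSessionAccounting()` is still sent without a `SameSite` attribute, and `null` is passed for the path and domain arguments, which PHP 8.1 and later report as deprecated for `setcookie()`. If the minimum PHP version is 7.3 or newer (not visible from this patch), the options-array form covers both and leaves path and domain at their defaults as now; `Lax` is a suggestion and should be checked against any cross-site flows the application relies on. Separately, every call registers another shutdown closure, so a request that both loads and creates a session could run `saveInternal()` twice; a static flag would avoid that.

```php
// … unchanged: if ($cookie) { and the $updateSessionDateline assignment …
$ret = setcookie('sid', self::$sid, [
    'expires' => time() + CONFIG_SESSION_TIMEOUT,
    'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off',
    'httponly' => true,
    'samesite' => 'Lax',
]);
// … unchanged: $ret check and register_shutdown_function() call …
```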