fix: session not persisting

2023-12-17 12:43:59 +01:00 · 2023-12-17 12:43:59 +01:00 · d50d4b0aab
commit d50d4b0aab
parent 3520d1ca23
3 changed files with 22 additions and 8 deletions
--- a/index.php
+++ b/index.php
@ -51,8 +51,7 @@ if (file_exists($configPath)) {
 */
 session_start(
    array(
-        'name'            => 'wishthis',
-        'cookie_lifetime' => \ini_get('session.gc_maxlifetime') ?: 1440,
+        'name' => 'wishthis',
    )
 );

--- a/src/classes/wishthis/User.php
+++ b/src/classes/wishthis/User.php
@ -249,7 +249,7 @@ class User
     */
    public function isLoggedIn(): bool
    {
-        if (!isset($_COOKIE['wishthis'])) {
+        if (!isset($_COOKIE['wishthis'], $_COOKIE['wishthis_session'])) {
            return false;
        }

@ -267,7 +267,7 @@ class User
               FROM `sessions`
              WHERE `session` = :session',
            array(
-                'session' => $_COOKIE['wishthis'],
+                'session' => $_COOKIE['wishthis_session'],
            )
        )
        ->fetch();
@ -447,6 +447,9 @@ class User

        session_destroy();
        unset($_SESSION);
+
+        /** Delete cookie */
+        \setcookie('wishthis_session', '', time() - 3600);
    }

    public function delete(): void
@ -554,13 +557,16 @@ class User

    public function refreshSession(int $forUser = 0): void
    {
-        $sessionId              = $_COOKIE['wishthis'];
-        $sessionDurationSeconds = \ini_get('session.gc_maxlifetime') ?: 1440;
+        $sessionId              = $_COOKIE['wishthis_session']
+                               ?? \password_hash(\bin2hex(\random_bytes(32)), \PASSWORD_BCRYPT);
+        $sessionDurationSeconds = 1440;

        if ($this->stayLoggedIn) {
-            $sessionDurationSeconds = 31104000; // One year
+            $sessionDurationSeconds = 7776000; /** Three months */
        }

+        $sessionExpires = time() + $sessionDurationSeconds;
+
        if (0 === $forUser) {
            $forUser = $this->id;
        }
@ -573,6 +579,10 @@ class User
        );
        $database->connect();

+        /** Create cookie */
+        \setcookie('wishthis_session', $sessionId, $sessionExpires, '/');
+        $_COOKIE['wishthis_session'] = $sessionId;
+
        /** Delete outdated sessions */
        $database
        ->query(
@ -602,7 +612,7 @@ class User
                      WHERE `session` = :session
                        AND `user` = :user',
                    array(
-                        'expires' => date('Y-m-d H:i', time() + $sessionDurationSeconds),
+                        'expires' => date('Y-m-d H:i', $sessionExpires),
                        'session' => $sessionId,
                        'user'    => $forUser,
                    )
--- a/src/update/1-1-1.sql
+++ b/src/update/1-1-1.sql
@ -0,0 +1,5 @@
+/**
+ * Sessions
+ */
+  ALTER TABLE `sessions`
+CHANGE COLUMN `session` `session` VARCHAR(60) NOT NULL;