From ac0d90c1008bce32c56e49cb642d40391e45e0a5 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 28 Dec 2020 13:09:57 +0100 Subject: Auto-renew cookie (#3287) #fix https://github.com/FreshRSS/FreshRSS/issues/3169#issuecomment-685983797 Supplement https://github.com/FreshRSS/FreshRSS/pull/3170 When we get the long-term login cookie (i.e. when starting a new session), renew it at the same time for the same duration --- app/Models/Auth.php | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'app/Models/Auth.php') diff --git a/app/Models/Auth.php b/app/Models/Auth.php index 0d45da6ed..fbce4c48b 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -271,7 +271,23 @@ class FreshRSS_FormAuth { } $credentials = @file_get_contents($token_file); - return $credentials === false ? array() : explode("\t", $credentials, 2); + if ($credentials !== false && self::renewCookie($token)) { + return explode("\t", $credentials, 2); + } + return []; + } + + private static function renewCookie($token) { + $token_file = DATA_PATH . '/tokens/' . $token . '.txt'; + if (touch($token_file)) { + $conf = Minz_Configuration::get('system'); + $limits = $conf->limits; + $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration']; + $expire = time() + $cookie_duration; + Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire); + return $token; + } + return false; } public static function makeCookie($username, $password_hash) { @@ -285,11 +301,7 @@ class FreshRSS_FormAuth { return false; } - $limits = $conf->limits; - $cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration']; - $expire = time() + $cookie_duration; - Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire); - return $token; + return self::renewCookie($token); } public static function deleteCookie() { -- cgit v1.2.3