feat(session): preserve intended URL across session timeout and add expiry warning dialog
When a session expires, the user's current URL is now captured and restored after re-authentication (via remember-me cookie or manual login), instead of always redirecting to the dashboard. A JavaScript session warning dialog appears ~2 minutes before idle timeout, allowing users to extend their session with a single click. Includes open-redirect prevention via URL validation, Microsoft SSO callback support, and 33 unit tests. Refs: SESSION-REDIRECT-PRESERVE-001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
38
pages/admin/session-ping/data().php
Normal file
38
pages/admin/session-ping/data().php
Normal file
@@ -0,0 +1,38 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Settings\SettingsSessionGateway;
|
||||
use MintyPHP\Session;
|
||||
|
||||
if ((requestInput()->method()) !== 'POST') {
|
||||
http_response_code(405);
|
||||
Router::json(['ok' => false, 'error' => 'method_not_allowed']);
|
||||
return;
|
||||
}
|
||||
|
||||
$sessionStore = app(SessionStoreInterface::class);
|
||||
$session = $sessionStore->all();
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
if ($currentUserId <= 0) {
|
||||
http_response_code(403);
|
||||
Router::json(['ok' => false, 'error' => 'forbidden']);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Session::checkCsrfToken()) {
|
||||
http_response_code(403);
|
||||
Router::json(['ok' => false, 'error' => 'csrf']);
|
||||
return;
|
||||
}
|
||||
|
||||
// Touch session idle timer (absolute timeout remains unchanged).
|
||||
$sessionStore->set('session_last_activity', time());
|
||||
|
||||
$sessionGateway = app(SettingsSessionGateway::class);
|
||||
$idleTimeoutSeconds = $sessionGateway->getSessionIdleTimeoutSeconds();
|
||||
|
||||
Router::json([
|
||||
'ok' => true,
|
||||
'idle_timeout_seconds' => $idleTimeoutSeconds,
|
||||
]);
|
||||
Reference in New Issue
Block a user