false, 'error' => 'method_not_allowed'], forceJson: true )) { return; } $sessionStore = app(SessionStoreInterface::class); $session = $sessionStore->all(); $currentUserId = (int) ($session['user']['id'] ?? 0); if ($currentUserId <= 0) { http_response_code(403); Router::json(['ok' => false, 'error' => 'forbidden']); return; } if (!actionRequireCsrf( 'admin', jsonAware: true, jsonStatusCode: 403, jsonPayload: ['ok' => false, 'error' => 'csrf'], flashOnFailure: false, redirectOnFailure: false, forceJson: true )) { return; } // Touch session idle timer (absolute timeout remains unchanged). $sessionStore->set('session_last_activity', time()); $sessionGateway = app(SettingsSessionGateway::class); $idleTimeoutSeconds = $sessionGateway->getSessionIdleTimeoutSeconds(); Router::json([ 'ok' => true, 'idle_timeout_seconds' => $idleTimeoutSeconds, ]);