diff --git a/third_party/phpcommon b/third_party/phpcommon
index 1bc1d261..848e05c0 160000
--- a/third_party/phpcommon
+++ b/third_party/phpcommon
@@ -1 +1 @@
-Subproject commit 1bc1d261d292213dd1d93a98bd3afd8edbf9c24e
+Subproject commit 848e05c01f44622e52996bb04dfb6b344acce1b8
diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php
index 5fcec0ae..49204979 100644
--- a/webapp/controller/BaseAuthedController.class.php
+++ b/webapp/controller/BaseAuthedController.class.php
@@ -50,6 +50,13 @@ class BaseAuthedController extends BaseController {
 die();
 }
 }
+ if (SERVER_ENV == _ONLINE) {
+ $sessionTime = phpcommon\extractSessionTimeFromSessionId($this->_getSessionId());
+ if ($sessionTime < 1656070773) {
+ phpcommon\sendError(1001, 'session expiration');
+ die();
+ }
+ }
 }
 
 protected function updateSession($accountId, $sessionId)
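Review bot: The added check in BaseAuthedController compares `$sessionTime` with the literal `1656070773`, a fixed Unix timestamp (about 24 June 2022 UTC), so it is a one-time cutoff rather than an expiry: every session issued after that instant passes it indefinitely, and the 'session expiration' message does not describe what is being enforced. Give the cutoff a named class constant with a comment recording why that instant was chosen, e.g. `const SESSION_REVOKED_BEFORE = 1656070773;`, and if a maximum session age is intended, add a second comparison against `time()`. The value returned by `extractSessionTimeFromSessionId()` is used without a type check; that helper lives in the phpcommon submodule and is not visible here, so confirm it always returns an int taken from a part of the session id that the earlier validation covers, or guard with `if (!is_int($sessionTime) || $sessionTime < self::SESSION_REVOKED_BEFORE)`, since in PHP 8 a non-numeric string compared with an int is compared as a string and could skip the rejection. The check runs only when `SERVER_ENV == _ONLINE`, so other environments keep accepting the older sessions, which deserves a comment if it is deliberate. The enclosing method starts outside the hunk.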