diff --git a/webapp/controller/BaseAuthedController.class.php b/webapp/controller/BaseAuthedController.class.php index 4fe226ec..bef9b5b0 100644 --- a/webapp/controller/BaseAuthedController.class.php +++ b/webapp/controller/BaseAuthedController.class.php @@ -25,13 +25,33 @@ class BaseAuthedController extends BaseController { public function _handlePre() { - $this->accountId = $_REQUEST['account_id']; - $this->sessionId = $_REQUEST['session_id']; + $this->accountId = getReqVal('account_id', ''); + $this->sessionId = getReqVal('session_id', ''); if (!phpcommon\isValidSessionId($this->accountId, - $this->sessionId)) { + $this->sessionId)) { phpcommon\sendError(500, 'invalid session_id'); - die(); + die(); } + if (!(getReqVal('c', '') == 'User' && getReqVal('c', '') == 'login')) { + $r = $this->_getRedis($this->_getAccountId()); + $sessionId = $r->get(LAST_SESSION_KEY . $this->_getAccountId()); + if (empty($sessionId)) { + $this->updateSession(myself()->_getAccountId(), + myself()->_getSessionId()); + } else if ($sessionId != $this->_getSessionId()) { + error_log('session expiration' . json_encode( + $_REQUEST + )); + phpcommon\sendError(1001, 'session expiration'); + } + } + } + + protected function updateSession($accountId, $sessionId) + { + $r = $this->_getRedis($this->_getAccountId()); + $r->set(LAST_SESSION_KEY . $this->_getAccountId()); + $r->pexpire(LAST_SESSION_KEY . $this->_getAccountId(), 3600 * 24); } public function _getAccountId() diff --git a/webapp/controller/UserController.class.php b/webapp/controller/UserController.class.php index d005bffa..ad7b1213 100644 --- a/webapp/controller/UserController.class.php +++ b/webapp/controller/UserController.class.php @@ -24,6 +24,8 @@ class UserController extends BaseAuthedController { public function login() { + $this->updateSession(myself()->_getAccountId(), + myself()->_getSessionId()); //$user_name = $_REQUEST['name']; //$avatar_url = $_REQUEST['avatar_url']; $userName = 'guest';