Change JavaScript reauthentication check to check via XHR.

Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
gallery · Feb 14, 2010 · 0f66db5 · 0f66db5
1 parent 64e5d43
commit 0f66db5
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 6 deletions.
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
@@ -29,6 +29,9 @@ public function __construct($theme=null) {
   }
 
   public function __call($controller_name, $args) {
+    if (Input::instance()->get("reauth_check")) {
+      return self::_reauth_check();
+    }
     if (auth::must_reauth_for_admin_area()) {
       return self::_prompt_for_reauth($controller_name, $args);
     }
@@ -54,6 +57,24 @@ public function __call($controller_name, $args) {
     call_user_func_array(array(new $controller_name, $method), $args);
   }
 
+  private static function _reauth_check() {
+    $session = Session::instance();
+    $last_active_auth = $session->get("active_auth_timestamp", 0);
+    $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
+    $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");
+
+    $time_remaining = max($last_active_auth, $last_admin_area_activity) +
+      $admin_area_timeout - time();
+
+    $result = new stdClass();
+    $result->result = "success";
+    if ($time_remaining < 30) {
+      $result->location = url::abs_site("");
+    }
+
+    print json_encode($result);
+  }
+
   private static function _prompt_for_reauth($controller_name, $args) {
     if (request::method() == "get" && !request::is_ajax()) {
       // Avoid anti-phishing protection by passing the url as session variable.

diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
@@ -92,13 +92,18 @@ static function admin_page_bottom($theme) {
     }
 
     // Redirect to the root album when the admin session expires.
-    $redirect_url = url::abs_site("");
-    $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout");
     $admin_session_redirect_check = '<script type="text/javascript">
-        var page_loaded_timestamp = new Date();
-        setInterval("if (new Date() - page_loaded_timestamp > ' . $admin_area_timeout .
-        ') document.location = \'' . $redirect_url . '\';", 60 * 1000);
-        </script>';
+      var adminReauthCheck = function() {
+        $.ajax({url: "' . url::site("admin?reauth_check=1") . '",
+                dataType: "json",
+                success: function(data){
+                  if ("location" in data) {
+                    document.location = data.location;
+                  }
+                }});
+      };
+      setInterval("adminReauthCheck();", 60 * 1000);
+      </script>';
     print $admin_session_redirect_check;
 
     if ($session->get("l10n_mode", false)) {