Fix session expiration on several drivers.

laravel · Jun 10, 2016 · 0831312 · itsdave · Jun 14, 2016 · 0831312
1 parent ecf782a
commit 0831312
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 7 deletions.
diff --git a/src/Illuminate/Session/CookieSessionHandler.php b/src/Illuminate/Session/CookieSessionHandler.php
@@ -2,6 +2,7 @@
 
 namespace Illuminate\Session;
 
+use Carbon\Carbon;
 use SessionHandlerInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Illuminate\Contracts\Cookie\QueueingFactory as CookieJar;
@@ -56,15 +57,26 @@ public function close()
      */
     public function read($sessionId)
     {
-        return $this->request->cookies->get($sessionId) ?: '';
+        $value = $this->request->cookies->get($sessionId) ?: '';
+
+        if (! is_null($decoded = json_decode($value, true)) && is_array($decoded)) {
+            if (isset($decoded['expires']) && time() <= $decoded['expires']) {
+                return $decoded['data'];
+            }
+        }
+
+        return '';
     }
 
     /**
      * {@inheritdoc}
      */
     public function write($sessionId, $data)
     {
-        $this->cookie->queue($sessionId, $data, $this->minutes);
+        $this->cookie->queue($sessionId, json_encode([
+            'data' => $data,
+            'expires' => Carbon::now()->addMinutes($this->minutes)->getTimestamp(),
+        ]), $this->minutes);
     }
 
     /**

diff --git a/src/Illuminate/Session/DatabaseSessionHandler.php b/src/Illuminate/Session/DatabaseSessionHandler.php
@@ -2,6 +2,7 @@
 
 namespace Illuminate\Session;
 
+use Carbon\Carbon;
 use SessionHandlerInterface;
 use Illuminate\Database\ConnectionInterface;
 
@@ -21,6 +22,13 @@ class DatabaseSessionHandler implements SessionHandlerInterface, ExistenceAwareI
      */
     protected $table;
 
+    /**
+     * The number of minutes the session should be valid.
+     *
+     * @var int
+     */
+    protected $minutes;
+
     /**
      * The existence state of the session.
      *
@@ -33,11 +41,13 @@ class DatabaseSessionHandler implements SessionHandlerInterface, ExistenceAwareI
      *
      * @param  \Illuminate\Database\ConnectionInterface  $connection
      * @param  string  $table
+     * @param  int  $minutes
      * @return void
      */
-    public function __construct(ConnectionInterface $connection, $table)
+    public function __construct(ConnectionInterface $connection, $table, $minutes)
     {
         $this->table = $table;
+        $this->minutes = $minutes;
         $this->connection = $connection;
     }
 
@@ -64,6 +74,12 @@ public function read($sessionId)
     {
         $session = (object) $this->getQuery()->find($sessionId);
 
+        if (isset($session->last_activity)) {
+            if ($session->last_activity < Carbon::now()->subMinutes($this->minutes)->getTimestamp()) {
+                return;
+            }
+        }
+
         if (isset($session->payload)) {
             $this->exists = true;
 

diff --git a/src/Illuminate/Session/FileSessionHandler.php b/src/Illuminate/Session/FileSessionHandler.php
@@ -2,6 +2,7 @@
 
 namespace Illuminate\Session;
 
+use Carbon\Carbon;
 use SessionHandlerInterface;
 use Symfony\Component\Finder\Finder;
 use Illuminate\Filesystem\Filesystem;
@@ -22,17 +23,26 @@ class FileSessionHandler implements SessionHandlerInterface
      */
     protected $path;
 
+    /**
+     * The number of minutes the session should be valid.
+     *
+     * @var int
+     */
+    protected $minutes;
+
     /**
      * Create a new file driven handler instance.
      *
      * @param  \Illuminate\Filesystem\Filesystem  $files
      * @param  string  $path
+     * @param  int  $minutes
      * @return void
      */
-    public function __construct(Filesystem $files, $path)
+    public function __construct(Filesystem $files, $path, $minutes)
     {
         $this->path = $path;
         $this->files = $files;
+        $this->minutes = $minutes;
     }
 
     /**
@@ -57,7 +67,9 @@ public function close()
     public function read($sessionId)
     {
         if ($this->files->exists($path = $this->path.'/'.$sessionId)) {
-            return $this->files->get($path);
+            if (filemtime($path) >= Carbon::now()->subMinutes($this->minutes)->getTimestamp()) {
+                return $this->files->get($path);
+            }
         }
 
         return '';

diff --git a/src/Illuminate/Session/SessionManager.php b/src/Illuminate/Session/SessionManager.php
@@ -59,7 +59,9 @@ protected function createNativeDriver()
     {
         $path = $this->app['config']['session.files'];
 
-        return $this->buildSession(new FileSessionHandler($this->app['files'], $path));
+        $lifetime = $this->app['config']['session.lifetime'];
+
+        return $this->buildSession(new FileSessionHandler($this->app['files'], $path, $lifetime));
     }
 
     /**
@@ -73,7 +75,9 @@ protected function createDatabaseDriver()
 
         $table = $this->app['config']['session.table'];
 
-        return $this->buildSession(new DatabaseSessionHandler($connection, $table));
+        $lifetime = $this->app['config']['session.lifetime'];
+
+        return $this->buildSession(new DatabaseSessionHandler($connection, $table, $lifetime));
     }
 
     /**