Decouple session from csrf handler, set initial lastActivity

2025-03-01 10:31:47 +00:00 · 2025-01-20 00:55:21 -08:00 · 2025-01-20 00:55:21 -08:00 · c51b520b8d
commit c51b520b8d
parent 866d8eb5b0
3 changed files with 6 additions and 1 deletions
--- a/includes/csrf.php
+++ b/includes/csrf.php
@ -1,7 +1,6 @@
 <?php

 require_once 'functions.php';
-require_once 'session.php';

 if (csrfValidateRequest() && !CSRFValidate()) {
    handleInvalidCSRFToken();
--- a/includes/session.php
+++ b/includes/session.php
@ -3,3 +3,8 @@
 if (session_status() == PHP_SESSION_NONE) {
    session_start();
 }
+
+if (!isset($_SESSION['lastActivity'])) {
+    $_SESSION['lastActivity'] = time();
+}
+
--- a/index.php
+++ b/index.php
@ -23,6 +23,7 @@
 * as you leave these references intact in the header comments of your source files.
 */

+require 'includes/session.php';
 require 'includes/csrf.php';
 ensureCSRFSessionToken();