frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add csrf token check, destroy session on timeout

Browse Source
This commit is contained in:
billz 2025-01-22 00:11:22 -08:00
parent 50ed5f9f4b
commit ec0dd304ee
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ajax/session/do_check_session.php Normal file → Executable file
View File

@ -10,6 +10,11 @@ $lastActivity = $_SESSION['lastActivity'] ?? time();
$sessionLifetime = time() - $lastActivity; $sessionLifetime = time() - $lastActivity;
$status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active'; $status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active';
if ($status = 'session_expired') {
session_unset(); // unset all session variables
session_destroy(); // destroy the session
}
// send response // send response
header('Content-Type: application/json'); header('Content-Type: application/json');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0'); header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');

3
app/js/custom.js
View File

@ -678,7 +678,8 @@ function checkSession() {
if (window.location.pathname === '/login') { if (window.location.pathname === '/login') {
return; return;
} }
$.get('ajax/session/do_check_session.php', function (data) { var csrfToken = $('meta[name=csrf_token]').attr('content');
$.post('ajax/session/do_check_session.php',{'csrf_token': csrfToken},function (data) {
if (data.status === 'session_expired') { if (data.status === 'session_expired') {
clearInterval(sessionCheckInterval); clearInterval(sessionCheckInterval);
showSessionExpiredModal(); showSessionExpiredModal();