* [FIX] Fixed wrong behavior when session is timed out

Signed-off-by: Rubén D <nuxsmin@syspass.org>
2026-03-06 16:36:59 +01:00 · 2019-01-26 11:25:25 +01:00
parent 221005f9f8
commit a65d261ba8
12 changed files with 194 additions and 72 deletions
--- a/app/modules/web/Controllers/SimpleControllerBase.php
+++ b/app/modules/web/Controllers/SimpleControllerBase.php
@@ -27,6 +27,7 @@ namespace SP\Modules\Web\Controllers;
 use DI\Container;
 use Psr\Container\ContainerInterface;
 use SP\Core\Acl\UnauthorizedPageException;
+use SP\Core\Exceptions\SessionTimeout;
 use SP\Modules\Web\Controllers\Traits\WebControllerTrait;

 /**
@@ -53,8 +54,7 @@ abstract class SimpleControllerBase
     * @param Container $container
     * @param           $actionName
     *
-     * @throws \Psr\Container\ContainerExceptionInterface
-     * @throws \Psr\Container\NotFoundExceptionInterface
+     * @throws SessionTimeout
     */
    public function __construct(Container $container, $actionName)
    {
@@ -65,18 +65,26 @@ abstract class SimpleControllerBase

        $this->previousSk = $this->session->getSecurityKey();

-        if (method_exists($this, 'initialize')) {
+        try {
            $this->initialize();
+        } catch (SessionTimeout $sessionTimeout) {
+            $this->handleSessionTimeout();
+
+            throw $sessionTimeout;
        }
    }

    /**
-     * Comprobaciones
+     * @return void
     */
-    protected function checks()
+    protected abstract function initialize();
+
+    /**
+     * @return void
+     */
+    public function handleSessionTimeout()
    {
-        $this->checkLoggedInSession(
-            $this->session,
+        $this->sessionLogout(
            $this->request,
            $this->configData,
            function ($redirect) {
@@ -85,6 +93,21 @@ abstract class SimpleControllerBase
                    ->send(true);
            }
        );
+    }
+
+    /**
+     * Comprobaciones
+     *
+     * @throws SessionTimeout
+     */
+    protected function checks()
+    {
+        if ($this->session->isLoggedIn() === false
+            || $this->session->getAuthCompleted() !== true
+        ) {
+            throw new SessionTimeout();
+        }
+
 //        $this->checkSecurityToken($this->session, $this->request);
    }