Files
alrahma_sunday_school_api/app/Http/Controllers/Api/SessionTimeoutController.php
T
2026-03-05 12:29:37 -05:00

91 lines
2.7 KiB
PHP
Executable File

<?php
namespace App\Http\Controllers\Api;
use App\Config\SessionTimeout;
use Illuminate\Http\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
class SessionTimeoutController extends BaseApiController
{
public function getTimeoutConfig(): JsonResponse
{
return response()->json([
'success' => true,
'timeout' => SessionTimeout::TIMEOUT_DURATION,
'warning_time' => SessionTimeout::WARNING_THRESHOLD,
'check_interval' => SessionTimeout::CHECK_INTERVAL,
'logout_url' => url('/api/v1/auth/logout'),
'keep_alive_url' => url('/api/v1/session/pingActivity'),
'check_url' => url('/api/v1/session/checkTimeout'),
]);
}
public function checkTimeout(): JsonResponse
{
$session = session();
// Verify session exists and has last_activity
if (!$session->has('last_activity')) {
return $this->expireSession();
}
$lastActivity = $session->get('last_activity');
$elapsed = time() - $lastActivity;
if ($elapsed > SessionTimeout::TIMEOUT_DURATION) {
return $this->expireSession();
} elseif ($elapsed > SessionTimeout::WARNING_THRESHOLD) {
return response()->json([
'status' => 'warning',
'time_remaining' => SessionTimeout::TIMEOUT_DURATION - $elapsed,
]);
}
return response()->json([
'status' => 'active',
'time_remaining' => SessionTimeout::TIMEOUT_DURATION - $elapsed,
]);
}
public function pingActivity(): JsonResponse
{
$session = session();
// Only update if session is still valid
if (!$session->has('last_activity') ||
(time() - $session->get('last_activity') > SessionTimeout::TIMEOUT_DURATION)) {
return $this->expireSession();
}
$session->put('last_activity', time());
return response()->json([
'status' => 'active',
'time_remaining' => SessionTimeout::TIMEOUT_DURATION,
]);
}
private function expireSession(): JsonResponse
{
$this->destroySession();
return response()->json([
'status' => 'expired',
'redirect' => url('/login'),
'message' => 'Your session has expired due to inactivity.',
], Response::HTTP_UNAUTHORIZED);
}
private function destroySession(): void
{
$session = session();
$session->flash('error', 'Your session has expired due to inactivity.');
// Clear session data
$session->forget('last_activity');
$session->invalidate();
// Regenerate session ID for security
$session->regenerate(true);
}
}