Change JavaScript reauthentication check to check via XHR.

Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2026-04-28 16:39:20 -04:00 · 2010-02-13 18:03:46 -08:00
parent 64e5d438c7
commit 0f66db51ef
2 changed files with 32 additions and 6 deletions
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -29,6 +29,9 @@ class Admin_Controller extends Controller {
  }

  public function __call($controller_name, $args) {
+    if (Input::instance()->get("reauth_check")) {
+      return self::_reauth_check();
+    }
    if (auth::must_reauth_for_admin_area()) {
      return self::_prompt_for_reauth($controller_name, $args);
    }
@@ -54,6 +57,24 @@ class Admin_Controller extends Controller {
    call_user_func_array(array(new $controller_name, $method), $args);
  }

+  private static function _reauth_check() {
+    $session = Session::instance();
+    $last_active_auth = $session->get("active_auth_timestamp", 0);
+    $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
+    $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");
+
+    $time_remaining = max($last_active_auth, $last_admin_area_activity) +
+      $admin_area_timeout - time();
+
+    $result = new stdClass();
+    $result->result = "success";
+    if ($time_remaining < 30) {
+      $result->location = url::abs_site("");
+    }
+
+    print json_encode($result);
+  }
+
  private static function _prompt_for_reauth($controller_name, $args) {
    if (request::method() == "get" && !request::is_ajax()) {
      // Avoid anti-phishing protection by passing the url as session variable.
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -92,13 +92,18 @@ class gallery_theme_Core {
    }

    // Redirect to the root album when the admin session expires.
-    $redirect_url = url::abs_site("");
-    $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout");
    $admin_session_redirect_check = '<script type="text/javascript">
-        var page_loaded_timestamp = new Date();
-        setInterval("if (new Date() - page_loaded_timestamp > ' . $admin_area_timeout .
-        ') document.location = \'' . $redirect_url . '\';", 60 * 1000);
-        </script>';
+      var adminReauthCheck = function() {
+        $.ajax({url: "' . url::site("admin?reauth_check=1") . '",
+                dataType: "json",
+                success: function(data){
+                  if ("location" in data) {
+                    document.location = data.location;
+                  }
+                }});
+      };
+      setInterval("adminReauthCheck();", 60 * 1000);
+      </script>';
    print $admin_session_redirect_check;

    if ($session->get("l10n_mode", false)) {