Implement a stronger, reusable session timeout

2025-04-16 10:32:34 +01:00
parent f7e9fe7794
commit 7f91771166
4 changed files with 61 additions and 13 deletions
--- a/middleware/sessiontimeout.go
+++ b/middleware/sessiontimeout.go
@@ -0,0 +1,40 @@
+package middleware
+
+import (
+	"log"
+	"net/http"
+	"time"
+
+	session "synlotto-website/handlers/session"
+
+	"synlotto-website/constants"
+)
+
+func SessionTimeout(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		sess, err := session.GetSession(w, r)
+		if err != nil {
+			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
+			return
+		}
+
+		last, ok := sess.Values["last_activity"].(time.Time)
+		if !ok || time.Since(last) > constants.SessionDuration {
+			sess.Options.MaxAge = -1
+			_ = sess.Save(r, w)
+
+			newSession, _ := session.GetSession(w, r)
+			newSession.Values["flash"] = "Your session has timed out."
+			_ = newSession.Save(r, w)
+
+			log.Printf("Session timeout triggered")
+			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
+			return
+		}
+
+		sess.Values["last_activity"] = time.Now().UTC()
+		_ = sess.Save(r, w)
+
+		next(w, r)
+	}
+}