session: On-demand Session Destroy

This commit adds ability to ask backend to destroy a session by session_id. Also changes how expire routine works - passing zero ttl results in the session being destroyed immediately.
osTicket · Nov 9, 2022 · 49d91b0 · 49d91b0
1 parent 2832d44
commit 49d91b0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/include/class.ostsession.php b/include/class.ostsession.php
@@ -226,7 +226,7 @@ static function regenerate(int $ttl=60) {
      * it otherwise it should destroy it by calling this->destroy($id)
      */
     // Expire session - end is near mb!
-    static function expire($id, $ttl) {
+    static function expire($id, int $ttl) {
         // See if we have a backend to ask to expire the session - otherwise
         // we destroy session now!
         if (!($backend=self::registered_backend()))
@@ -236,6 +236,12 @@ static function expire($id, $ttl) {
         return (bool) $backend->expire($id, $ttl);
     }
 
+    // Aks the backend to destroy a session now
+    static function destroy($id) {
+        // Expire with ttl of 0 destroys the session
+        return (bool) self::expire($id, 0);
+    }
+
     // Cleanup Expired Sessions
     static function cleanup() {
         // get active backend

diff --git a/include/class.session.php b/include/class.session.php
@@ -362,6 +362,10 @@ public function update($id, $data) {
         }
 
         public function expire($id, $ttl) {
+            // Destroy session record if expire is now.
+            if ($ttl == 0)
+                return $this->destroy($id);
+
             if (!$this->expireRecord($id, $ttl))
                 return false;