From 10694479254b3d5322b06e449a65aa5f0c9e165e Mon Sep 17 00:00:00 2001
From: "J. King" <jking@jkingweb.ca>
Date: Sun, 24 Sep 2017 10:09:36 -0400
Subject: [PATCH] Make session cleanup more sophisticated

---
 lib/Database.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/Database.php b/lib/Database.php
index ddce4f1..e2b72a8 100644
--- a/lib/Database.php
+++ b/lib/Database.php
@@ -248,8 +248,8 @@ class Database {
     }
 
     public function sessionResume(string $id): array {
-        $maxage = Date::sub(Arsse::$conf->userSessionLifetime);
-        $out = $this->db->prepare("SELECT * from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxage)->getRow();
+        $maxAge = Date::sub(Arsse::$conf->userSessionLifetime);
+        $out = $this->db->prepare("SELECT * from arsse_sessions where id is ? and expires > CURRENT_TIMESTAMP and created > ?", "str", "datetime")->run($id, $maxAge)->getRow();
         // if the session does not exist or is expired, throw an exception
         if (!$out) {
             throw new User\ExceptionSession("invalid", $id);
@@ -267,7 +267,8 @@ class Database {
     }
 
     public function sessionCleanup(): int {
-        return $this->db->query("DELETE FROM arsse_sessions where expires < CURRENT_TIMESTAMP")->changes();
+        $maxAge = Date::sub(Arsse::$conf->userSessionLifetime);
+        return $this->db->prepare("DELETE FROM arsse_sessions where expires < CURRENT_TIMESTAMP or created < ?", "datetime")->run($maxAge)->changes();
     }
 
     protected function sessionExpiringSoon(DateTimeInterface $expiry): bool {