Feature: Session manager & dedicated login

ajax/session/do_check_session.php

@@ -0,0 +1,28 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/session.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
+
+$lastActivity = $_SESSION['lastActivity'] ?? time();
+$sessionLifetime = time() - $lastActivity;
+$status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active';
+
+// send response
+header('Content-Type: application/json');
+header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
+header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
+header('Pragma: no-cache');
+
+$response = [
+    'status' => $status,
+    'last_activity' => $lastActivity,
+    'session_lifetime' => $sessionLifetime,
+    'timeout_duration' => RASPI_SESSION_TIMEOUT
+];
+
+echo json_encode($response);
+exit();
+

app/js/custom.js

@@ -671,6 +671,28 @@ window.addEventListener('load', function() {
     });
 }, false);
 
+let sessionCheckInterval = setInterval(checkSession, 5000);
+
+function checkSession() {
+    $.get('ajax/session/do_check_session.php', function (data) {
+        if (data.status === 'session_expired') {
+            clearInterval(sessionCheckInterval);
+            showSessionExpiredModal();
+        }
+    }).fail(function (jqXHR, status, err) {
+        console.error("Error checking session status:", status, err);
+    });
+}
+
+function showSessionExpiredModal() {
+    $('#sessionTimeoutModal').modal('show');
+}
+
+$(document).on("click", "#js-session-expired-login", function(e) {
+    console.log('clicked!');
+    window.location.href = '/login';
+});
+
 // DHCP or Static IP option group
 $('#chkstatic').on('change', function() {
     if (this.checked) {

config/config.php

@@ -11,6 +11,7 @@
 define('RASPI_ERROR_LOG', sys_get_temp_dir() . '/raspap_error.log');
 define('RASPI_DEBUG_LOG', 'raspap_debug.log');
 define('RASPI_LOG_SIZE_LIMIT', 64);
+define('RASPI_SESSION_TIMEOUT', 1440);
 
 // Constants for configuration file paths.
 // These are typical for default RPi installs. Modify if needed.

includes/csrf.php

@@ -1,7 +1,6 @@
 <?php
 
 require_once 'functions.php';
-require_once 'session.php';
 
 if (csrfValidateRequest() && !CSRFValidate()) {
     handleInvalidCSRFToken();

includes/defaults.php

@@ -16,6 +16,7 @@
   'RASPI_ERROR_LOG' => sys_get_temp_dir() . '/raspap_error.log',
   'RASPI_DEBUG_LOG' => 'raspap_debug.log',
   'RASPI_LOG_SIZE_LIMIT' =>  64,
+  'RASPI_SESSION_TIMEOUT' => 1440,
 
   // Constants for configuration file paths.
   // These are typical for default RPi installs. Modify if needed.

includes/footer.php

@@ -1,3 +1,5 @@
+<?php $_SESSION['lastActivity'] = time(); ?>
+
  <div class="d-flex align-items-center justify-content-between small">
   <div class="text-muted">
     <span class="pe-2"><a href="/about">v<?php echo RASPI_VERSION; ?></a></span>  |
@@ -8,3 +10,19 @@
   </div>
 </div>
 
+<div class="modal fade" id="sessionTimeoutModal" tabindex="-1" aria-labelledby="sessionTimeoutLabel" aria-hidden="true">
+  <div class="modal-dialog modal-dialog-centered">
+    <div class="modal-content">
+      <div class="modal-header">
+        <div class="modal-title" id="sessionTimeoutLabel"><i class="fa fa-clock me-2"></i><?php echo _("Session Expired"); ?></div>
+      </div>
+      <div class="modal-body">
+        <?php echo _("Your session has expired. Please login to continue.") ?>
+      </div>
+      <div class="modal-footer">
+        <button type="button" id="js-session-expired-login" class="btn btn-outline btn-primary"><?php echo _("Login"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+

includes/session.php

@@ -3,3 +3,8 @@
 if (session_status() == PHP_SESSION_NONE) {
     session_start();
 }
+
+if (!isset($_SESSION['lastActivity'])) {
+    $_SESSION['lastActivity'] = time();
+}
+

index.php

@@ -23,6 +23,7 @@
  * as you leave these references intact in the header comments of your source files.
  */
 
+require 'includes/session.php';
 require 'includes/csrf.php';
 ensureCSRFSessionToken();