feat: session without autosignin will expire

Signed-off-by: Kininaru <shiftregister233@outlook.com>
2025-07-02 11:20:18 +08:00 · 2021-07-18 07:54:49 +08:00
parent d83b86df37
commit 4a930121c4
5 changed files with 63 additions and 2 deletions
--- a/controllers/account.go
+++ b/controllers/account.go
@ -52,6 +52,8 @@ type RequestForm struct {
 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
 	PhonePrefix string `json:"phonePrefix"`
+
+	AutoSignin bool `json:"autoSignin"`
 }

 type Response struct {
@ -185,6 +187,7 @@ func (c *ApiController) Logout() {
 	util.LogInfo(c.Ctx, "API: [%s] logged out", user)

 	c.SetSessionUsername("")
+	c.SetSessionData(nil)

 	resp = Response{Status: "ok", Msg: "", Data: user}

--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -19,6 +19,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/astaxie/beego"
 	"github.com/casdoor/casdoor/idp"
@ -58,6 +59,16 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	} else {
 		resp = &Response{Status: "error", Msg: fmt.Sprintf("Unknown response type: %s", form.Type)}
 	}
+
+	// if user did not check auto signin
+	if resp.Status == "ok" && !form.AutoSignin {
+		timestamp := time.Now().Unix()
+		timestamp += 3600 * 24
+		c.SetSessionData(&SessionData{
+			ExpireTime: timestamp,
+		})
+	}
+
 	return resp
 }

--- a/controllers/base.go
+++ b/controllers/base.go
@ -14,13 +14,32 @@

 package controllers

-import "github.com/astaxie/beego"
+import (
+	"time"
+
+	"github.com/astaxie/beego"
+	"github.com/casdoor/casdoor/util"
+)

 type ApiController struct {
 	beego.Controller
 }

+type SessionData struct {
+	ExpireTime int64
+}
+
 func (c *ApiController) GetSessionUsername() string {
+	// check if user session expired
+	sessionData := c.GetSessionData()
+	if sessionData != nil &&
+		sessionData.ExpireTime != 0 &&
+		sessionData.ExpireTime < time.Now().Unix() {
+		c.SetSessionUsername("")
+		c.SetSessionData(nil)
+		return ""
+	}
+
 	user := c.GetSession("username")
 	if user == nil {
 		return ""
@ -33,6 +52,30 @@ func (c *ApiController) SetSessionUsername(user string) {
 	c.SetSession("username", user)
 }

+func (c *ApiController) GetSessionData() *SessionData {
+	session := c.GetSession("SessionData")
+	if session == nil {
+		return nil
+	}
+
+	sessionData := &SessionData{}
+	err := util.JsonToStruct(session.(string), sessionData)
+	if err != nil {
+		panic(err)
+	}
+
+	return sessionData
+}
+
+func (c *ApiController) SetSessionData(s *SessionData) {
+	if s == nil {
+		c.DelSession("SessionData")
+		return
+	}
+
+	c.SetSession("SessionData", util.StructToJson(s))
+}
+
 func wrapActionResponse(affected bool) *Response {
 	if affected {
 		return &Response{Status: "ok", Msg: "", Data: "Affected"}
--- a/util/json.go
+++ b/util/json.go
@ -25,3 +25,7 @@ func StructToJson(v interface{}) string {

 	return string(data)
 }
+
+func JsonToStruct(data string, v interface{}) error {
+	return json.Unmarshal([]byte(data), v)
+}
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -278,7 +278,7 @@ class LoginPage extends React.Component {
            />
          </Form.Item>
          <Form.Item>
-            <Form.Item name="remember" valuePropName="checked" noStyle>
+            <Form.Item name="autoSignin" valuePropName="checked" noStyle>
              <Checkbox style={{float: "left"}} disabled={!application.enablePassword}>
                {i18next.t("login:Auto login")}
              </Checkbox>