
Refresh the token after the login

Sergio Brighenti 5 年之前
父节点
当前提交
f82841259d
共有 4 个文件被更改,包括 42 次插入33 次删除
  1. 35 6
      app/Controllers/Controller.php
  2. 1 24
      app/Controllers/LoginController.php
  3. 5 2
      app/Middleware/RememberMiddleware.php
  4. 1 1
      app/Web/Session.php

+ 35 - 6
app/Controllers/Controller.php

@@ -38,10 +38,10 @@ abstract class Controller
     /**
      * @param $name
      *
-     * @throws DependencyException
+     * @return mixed|null
      * @throws NotFoundException
      *
-     * @return mixed|null
+     * @throws DependencyException
      */
     public function __get($name)
     {
@@ -74,14 +74,14 @@ abstract class Controller
     }
 
     /**
-     * @param Request $request
+     * @param  Request  $request
      * @param $id
-     * @param bool $authorize
+     * @param  bool  $authorize
      *
-     * @throws HttpNotFoundException
+     * @return mixed
      * @throws HttpUnauthorizedException
      *
-     * @return mixed
+     * @throws HttpNotFoundException
      */
     protected function getUser(Request $request, $id, $authorize = false)
     {
@@ -97,4 +97,33 @@ abstract class Controller
 
         return $user;
     }
+
+    /**
+     * @param $userId
+     * @throws \Exception
+     */
+    protected function refreshRememberCookie($userId)
+    {
+        $selector = bin2hex(random_bytes(8));
+        $token = bin2hex(random_bytes(32));
+        $expire = time() + 604800; // a week
+
+        $this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
+            $selector,
+            password_hash($token, PASSWORD_DEFAULT),
+            date('Y-m-d\TH:i:s', $expire),
+            $userId,
+        ]);
+
+        // Workaround for php <= 7.3
+        if (PHP_VERSION_ID < 70300) {
+            setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
+        } else {
+            setcookie('remember', "{$selector}:{$token}", [
+                'expires' => $expire,
+                'httponly' => true,
+                'samesite' => 'Lax',
+            ]);
+        }
+    }
 }
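Review bot: Neither `setcookie` branch in `refreshRememberCookie` sets the `secure` attribute or an explicit `path`, so the selector:token pair is sent over plain HTTP and the cookie's scope defaults to the directory of whichever URL triggered the refresh. That matters now that the helper is also invoked from middleware on arbitrary routes rather than only from `/login`: a cookie set under a deeper path does not replace the one set at login, and the browser may end up carrying two `remember` cookies. I'd pin the path to `/` in both branches and set `secure` when the request arrived over TLS (behind a TLS-terminating proxy the forwarded scheme has to be consulted rather than `$_SERVER['HTTPS']`, so treat the check below as a starting point). Two smaller points: the comment `// Workaround for php <= 7.3` mislabels the branch, since the array form of `setcookie` exists from 7.3.0 and `PHP_VERSION_ID < 70300` covers only versions below 7.3, and the docblock should type its parameter, `@param int $userId`.
```php
        // Array-form setcookie() exists only from PHP 7.3; older versions need the path hack for SameSite.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        if (PHP_VERSION_ID < 70300) {
            setcookie('remember', "{$selector}:{$token}", $expire, '/; SameSite=Lax', '', $secure, true);
        } else {
            setcookie('remember', "{$selector}:{$token}", [
                'expires' => $expire,
                'path' => '/',
                'secure' => $secure,
                'httponly' => true,
                'samesite' => 'Lax',
            ]);
        }
```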

+ 1 - 24
app/Controllers/LoginController.php

@@ -40,19 +40,16 @@ class LoginController extends Controller
 
         if (!$result || !password_verify(param($request, 'password'), $result->password)) {
             $this->session->alert(lang('bad_login'), 'danger');
-
             return redirect($response, route('login'));
         }
 
         if (isset($this->config['maintenance']) && $this->config['maintenance'] && !$result->is_admin) {
             $this->session->alert(lang('maintenance_in_progress'), 'info');
-
             return redirect($response, route('login'));
         }
 
         if (!$result->active) {
             $this->session->alert(lang('account_disabled'), 'danger');
-
             return redirect($response, route('login'));
         }
 
@@ -66,27 +63,7 @@ class LoginController extends Controller
         $this->logger->info("User $result->username logged in.");
 
         if (param($request, 'remember') === 'on') {
-            $selector = bin2hex(random_bytes(8));
-            $token = bin2hex(random_bytes(32));
-            $expire = time() + 604800; // a week
-
-            $this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
-                $selector,
-                password_hash($token, PASSWORD_DEFAULT),
-                date('Y-m-d\TH:i:s', $expire),
-                $result->id,
-            ]);
-
-            // Workaround for php <= 7.3
-            if (PHP_VERSION_ID < 70300) {
-                setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
-            } else {
-                setcookie('remember', "{$selector}:{$token}", [
-                    'expires'  => $expire,
-                    'httponly' => true,
-                    'samesite' => 'Lax',
-                ]);
-            }
+            $this->refreshRememberCookie($result->id);
         }
 
         if ($this->session->has('redirectTo')) {

+ 5 - 2
app/Middleware/RememberMiddleware.php

@@ -9,10 +9,11 @@ use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
 class RememberMiddleware extends Middleware
 {
     /**
-     * @param Request        $request
-     * @param RequestHandler $handler
+     * @param  Request  $request
+     * @param  RequestHandler  $handler
      *
      * @return Response
+     * @throws \Exception
      */
     public function __invoke(Request $request, RequestHandler $handler)
     {
@@ -30,6 +31,8 @@ class RememberMiddleware extends Middleware
                 $this->session->set('admin', $result->is_admin);
                 $this->session->set('used_space', humanFileSize($this->getUsedSpaceByUser($result->id)));
             }
+
+            $this->refreshRememberCookie($result->id);
         }
 
         return $handler->handle($request);
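Review bot: The new `$this->refreshRememberCookie($result->id);` call sits outside the inner `if` that populates the session, so — assuming the enclosing block, whose start is outside this hunk, is the branch where the cookie has already been verified — the selector/token pair is rotated, with a `password_hash` and a DB write, on every request that carries a valid remember cookie rather than only when the session is being re-established. Two concurrent requests from the same browser (parallel asset or AJAX loads) both present the old pair; the first rotates the row, the second then fails `password_verify` against the new hash and is handled as an invalid cookie. Moving the call inside the inner `if` (before its closing brace) so it runs only when the session is restored, or skipping the rotation while `remember_expire` is far from expiry, would avoid both the per-request bcrypt cost and that race. Separately, `RememberMiddleware extends Middleware`, while this commit adds `refreshRememberCookie` only to `Controller`; unless `Middleware` already provides an equivalent (not visible here), this call is an undefined-method fatal error on the remember path.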

+ 1 - 1
app/Web/Session.php

@@ -42,7 +42,7 @@ class Session
             ]);
 
             if (!$started) {
-                throw new Exception("Cannot start the HTTP session. That the session path '{$path}' is writable and your PHP settings.");
+                throw new Exception("Cannot start the HTTP session. The session path '{$path}' is not writable.");
             }
         }
     }