From 8e9e5b08f9a00a6ecea9c9594f41af689892f205 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?= <bence@pocze.ch>
Date: Sun, 9 May 2021 15:49:27 +0200
Subject: [PATCH] MAPG-230 renew session cookie if it already exists

---
 web.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/web.php b/web.php
index 215cc95..4d52673 100644
--- a/web.php
+++ b/web.php
@@ -74,13 +74,23 @@ if (isset($_COOKIE['COOKIES_CONSENT'])) {
 
     session_set_save_handler(Container::$sessionHandler, true);
     session_start([
-        'gc_maxlifetime' => 604800,
         'gc_probability' => 0, // old sessions are deleted by MaintainDatabaseCommand
-        'cookie_lifetime' => 604800, // TODO: cookie is not renewed so session can be lost
+        'cookie_lifetime' => 604800,
+        'cookie_path' => '/',
         'cookie_httponly' => true,
         'cookie_samesite' => 'Lax'
     ]);
 
+    if (isset($_COOKIE[session_name()])) {
+        // extend session cookie lifetime is cookie already exists
+        setcookie(session_name(), session_id(), [
+            'expires' => time() + 604800,
+            'path' => '/',
+            'httponly' => true,
+            'samesite' => 'Lax'
+        ]);
+    }
+
     // this is needed to handle old type of session IDs
     if (!Container::$sessionHandler->validateId(session_id())) {
         session_regenerate_id(true);
-- 
2.45.2