author | Marius David Wieschollek <passwords.public@mdns.eu> | 2021-01-16 23:05:31 +0300 |
---|---|---|
committer | Marius David Wieschollek <passwords.public@mdns.eu> | 2021-01-16 23:05:31 +0300 |
commit | 2ca861596443192b46f6caefe33dad74fcc24009 (patch) | |
tree | b14ecbe87a313be606ce25f04c161a16f90b6c3a /src | |
parent | c37ee213cb90915cd0251bbcc11605592c60ad76 (diff) |
Fix session overwrite from cached results
Signed-off-by: Marius David Wieschollek <passwords.public@mdns.eu>
Diffstat (limited to 'src')
-rw-r--r-- | src/Model/Session/Session.js | 1 | ||||
-rw-r--r-- | src/Network/ApiRequest.js | 22 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/Model/Session/Session.js b/src/Model/Session/Session.js
index f01f398..5a02bac 100644
--- a/src/Model/Session/Session.js
+++ b/src/Model/Session/Session.js
@@ -21,6 +21,7 @@ export default class Session {
 */
 setId(value) {
 this._id = value;
+ this._authorized = false;
 return this;
 }
 
diff --git a/src/Network/ApiRequest.js b/src/Network/ApiRequest.js
index 1c0dd1a..1e975af 100644
--- a/src/Network/ApiRequest.js
+++ b/src/Network/ApiRequest.js
@@ -126,7 +126,7 @@ export default class ApiRequest {
 .setHttpStatus(httpResponse.status)
 .setHttpResponse(httpResponse);
 
- this._session.setId(httpResponse.headers.get('x-api-session'));
+ this._updateSessionId(httpResponse);
 
 if(this._responseType !== null && contentType && contentType.indexOf(this._responseType) === -1) {
 let error = this._api.getClass('exception.contenttype', this._responseType, contentType, httpResponse);
@@ -145,6 +145,26 @@ export default class ApiRequest {
 
 /**
 *
+ * @param httpResponse
+ * @private
+ */
+ _updateSessionId(httpResponse) {
+ if(httpResponse.headers.has('x-api-session')) {
+ if(httpResponse.headers.has('cache-control') && httpResponse.headers.get('cache-control').indexOf('immutable') !== -1) return;
+ if(httpResponse.headers.has('pragma') && httpResponse.headers.get('pragma') === 'cache') return;
+
+ if(httpResponse.headers.has('date')) {
+ let date = new Date(httpResponse.headers.get('date')),
+ now = Date.now() - 300000;
+ if(date.getTime() < now) return;
+ }
+
+ this._session.setId(httpResponse.headers.get('x-api-session'));
+ }
+ }
+
+ /**
+ *
 * @return {{redirect: string, headers: Headers, method: string, credentials: string}}
 * @private
 */ |
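Review bot: `setId` in Session.js now clears `_authorized` unconditionally, including when `value` equals the id already stored. Since `_updateSessionId` in ApiRequest.js calls `setId` for every fresh response that carries `x-api-session`, a server that echoes the unchanged id would presumably drop the authorized state on each request; the rest of Session is outside this hunk, so confirm where `_authorized` is set back. If only a real id change should invalidate it, place `if(this._id !== value) this._authorized = false;` before the assignment. The side effect also belongs in the method's JSDoc, e.g. `Changing the id marks the session as unauthorized.`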
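Review bot: In `_updateSessionId` the staleness check fails open when the `date` header cannot be parsed: `new Date(...)` yields an invalid date, `getTime()` is NaN, and `NaN < now` is false, so the session id from that response is still accepted. Use `if(Number.isNaN(date.getTime()) || date.getTime() < now) return;`. The `immutable` and `pragma` tests are case-sensitive string matches, and the five-minute window compares a server timestamp with the client clock, so skew in either direction changes the outcome. A named constant for `300000` and a one-line description in the empty JSDoc, stating that session ids from cached responses are ignored, would make the intent reviewable.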