From ac5826daca697ccd6d49304f29ed7d6f2d84fe96 Mon Sep 17 00:00:00 2001
From: Aaron Lindsay
Date: Sat, 18 Nov 2017 21:19:30 -0500
Subject: [PATCH] Add expiration and creation times to sessions

Check expiration time when fetching sessions from cookies
---
 internal/handlers/sessions.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/internal/handlers/sessions.go b/internal/handlers/sessions.go
index e6f5dab..55c9317 100644
--- a/internal/handlers/sessions.go
+++ b/internal/handlers/sessions.go
@@ -16,6 +16,8 @@ type Session struct {
 SessionId int64
 SessionSecret string `json:"-"`
 UserId int64
+ Created time.Time
+ Expires time.Time
 }
 func (s *Session) Write(w http.ResponseWriter) error {
@@ -41,6 +43,11 @@ func GetSession(tx *Tx, r *http.Request) (*Session, error) {
 if err != nil {
 return nil, err
 }
+
+ if s.Expires.Before(time.Now()) {
+ tx.Delete(&s)
+ return nil, fmt.Errorf("Session has expired")
+ }
 return &s, nil
 }
@@ -86,7 +93,7 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
 return nil, err
 }
 if existing > 0 {
- return nil, fmt.Errorf("%d session(s) exist with the generated session_secret")
+ return nil, fmt.Errorf("%d session(s) exist with the generated session_secret", existing)
 }
 cookie := http.Cookie{
@@ -101,6 +108,8 @@ func NewSession(tx *Tx, r *http.Request, userid int64) (*NewSessionWriter, error
 s.SessionSecret = session_secret
 s.UserId = userid
+ s.Created = time.Now()
+ s.Expires = cookie.Expires
 err = tx.Insert(&s)
 if err != nil {
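Review bot: The result of `tx.Delete(&s)` in the new expiry branch of GetSession is discarded, so a failed delete leaves the expired row in place without any trace. Because the function then returns an error, a caller that rolls the transaction back on error would also undo the delete, although no caller is visible here; the expiry check itself still rejects the session either way. Handle or log the delete's error, and consider returning a package-level sentinel such as `var ErrSessionExpired = errors.New("session has expired")` so callers can tell expiry from a database failure and clear the cookie. Rows written before this change presumably carry a zero `Expires` and would be treated as expired on first use. GetSession starts above the hunk.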
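Review bot: `s.Expires = cookie.Expires` in NewSession makes the server-side lifetime depend on the cookie literal, which is built outside this hunk; if `Expires` is ever left unset there, it is the zero time and the new check in GetSession would reject the session on its first request. Computing the expiry once before the cookie is built and assigning that value to both the cookie and the session would keep the two tied together and make the lifetime explicit. A comment such as `// Server-side expiry; GetSession enforces it regardless of what the client sends back.` would record why the field exists. NewSession begins and ends outside the hunk.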