Resend autologin key periodically to maintain useful lifetime

common/framework/Session.php

@@ -407,8 +407,8 @@ class Session
 	/**
 	 * Refresh the session.
 	 *
-	 * This method can be used to invalidate old session cookies.
+	 * This helps increase the lifetime for session cookies and autologin cookies
-	 * It is called automatically when someone logs in or out.
+	 * while the user is active on the site.
 	 *
 	 * @param bool $refresh_cookie
 	 * @return bool
@@ -428,23 +428,18 @@ class Session
 			'samesite' => $samesite,
 		);
 
-		// Set the domain initialization timestamp.
+		// Update the domain initialization timestamp.
-		if (!isset($_SESSION['RHYMIX']['domains'][$alt_domain]['started']))
+		$_SESSION['RHYMIX']['domains'][$alt_domain]['started'] = time();
-		{
-			$_SESSION['RHYMIX']['domains'][$alt_domain]['started'] = time();
-		}
 
-		// Reset the trusted information.
+		// Refresh the main session cookie and the autologin key.
-		if (!isset($_SESSION['RHYMIX']['domains'][$alt_domain]['trusted']))
-		{
-			$_SESSION['RHYMIX']['domains'][$alt_domain]['trusted'] = 0;
-		}
-
-		// Refresh the main session cookie.
 		if ($refresh_cookie)
 		{
 			self::destroyCookiesFromConflictingDomains(array(session_name()));
 			self::_setCookie(session_name(), session_id(), $options);
+			if (self::$_autologin_key = self::_getAutologinKey())
+			{
+				self::setAutologinKeys(substr(self::$_autologin_key, 0, 24), substr(self::$_autologin_key, 24, 24));
+			}
 		}
 
 		return true;

modules/member/member.controller.php

@@ -2233,6 +2233,10 @@ class MemberController extends Member
 			$args->autologin_key = $autologin_key;
 			$args->user_agent = json_encode(Rhymix\Framework\UA::getBrowserInfo());
 			$update_output = executeQuery('member.updateAutologin', $args);
+			if ($update_output->toBool())
+			{
+				Rhymix\Framework\Session::setAutologinKeys($autologin_key, $security_key);
+			}
 		}
 
 		// Update the last login time.