TMVCEngine.GetCurrentSession ignores TWebSession.IsExpired

The class function  TMVCEngine.GetCurrentSession ignores the implementation of the IsExpired virtual function in the actual web session item.
Current code at line 2465 is
````  
      IsExpired := True;
      if List.TryGetValue(ASessionId, Result) then
        if (ASessionTimeout = 0) then
          IsExpired := MinutesBetween(Now, Result.LastAccess) > DEFAULT_SESSION_INACTIVITY
        else
          IsExpired := MinutesBetween(Now, Result.LastAccess) > ASessionTimeout;
````

But this should be

```` 
      IsExpired := True;
      if List.TryGetValue(ASessionId, Result) then
        IsExpired  := Result.IsExpired;
````
This allows the web session item to determine if the timeout has expired. E.g. when using an OAuth token to determine session lifetime

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

TMVCEngine.GetCurrentSession ignores TWebSession.IsExpired #355

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

TMVCEngine.GetCurrentSession ignores TWebSession.IsExpired #355

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions