From 8f1829e3f1b016133a786cb8179fe03d4832e5ca Mon Sep 17 00:00:00 2001
From: Matthias Kalb <matkay@matkay.eu>
Date: Fri, 26 Oct 2018 19:04:49 +0200
Subject: [PATCH] added removal of expired sessions on check for valid session

---
 php/auth.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/auth.php b/php/auth.php
index e30c289..7672ae6 100644
--- a/php/auth.php
+++ b/php/auth.php
@@ -3,6 +3,9 @@
   include $_SESSION["docroot"].'/php/connect.php';
   if(!(preg_match("/error.+/", $_SERVER["REQUEST_URI"])))
   {
+    # clear expired sessions from the database
+    $mysqli->query('DELETE FROM `sessions` WHERE `expires` < NOW();');
+
     $result = $mysqli->query('SELECT * FROM `sessions` WHERE `session_id` = \''.$_COOKIE["token"].'\';');
 
     if($result->num_rows == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login"))