invernyx / smartcars-3-bugs

The bug tracker for the smartCARS 3 application

[BUG] - Multiple sessions in the table #186

Closed walkerairtrans closed 1 year ago

walkerairtrans commented 1 year ago

Describe the bug

I see that you were aiming to have the primary key be both pilotID and sessionID; however, your sessionID is never unique because of how you generate it. The encode on the expiry causes your session ID to change.

I ended up with 27 rows of my session showing up in the table.

How do you reproduce this bug?

  1. Log in
  2. Check smartCARS3_Sessions table
  3. See multiple login sessions for the same PID.

Expected behavior

Shouldn't be multiple sessions.

Operating system

Windows 11

Community airline

Walker Air Transport

smartCARS Version

0.9.0

Plugins installed

chat, map, flight center, flight tracker, logbook

Additional context

```php
$expiry = time() + 604800; // session lifetime: 7 days
$JWTHeader = json_encode(array('typ' => 'JWT', 'alg' => 'HS256'));
$JWTPayload = json_encode(array('sub' => $result['pilotid'], 'exp' => $expiry));
// base64url-encode the header and payload
$JWTHeader = str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($JWTHeader));
$JWTPayload = str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($JWTPayload));
// The HMAC key is a fresh uniqid() value on every call
$JWTSignature = hash_hmac('sha256', $JWTHeader . '.' . $JWTPayload, uniqid('', true), true);
$JWTSignature = str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($JWTSignature));
$jwt = $JWTHeader . '.' . $JWTPayload . '.' . $JWTSignature;
$database->insert('smartCARS3_Sessions', array('pilotID' => $result['pilotid'], 'sessionID' => $jwt, 'expiry' => $expiry));
```

GenericNerd commented 1 year ago

This isn't a bug, but intentional behaviour to combat sessions clashing and becoming invalid during the login of another user.
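
The behaviour discussed in this thread, as an added PHP example (not smartCARS code and not written by either commenter): because the HMAC key is a throwaway `uniqid()`, every login yields a new sessionID, the (pilotID, sessionID) key never collides, and a token can only be checked by looking its row up. In-memory SQLite via PDO stands in for the real database; `b64url`, `makeSessionId`, `login`, `isValid`, the pilot ID, the timestamps and the pruning of expired rows are assumptions made for illustration.

```php
<?php
// Added illustration, not smartCARS code. In-memory SQLite stands in for the real database.
function b64url(string $raw): string {
    return str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($raw));
}

// Same construction as the snippet in the issue: the HMAC key is a throwaway uniqid().
function makeSessionId(int $pilotId, int $expiry): string {
    $head = b64url(json_encode(array('typ' => 'JWT', 'alg' => 'HS256')));
    $body = b64url(json_encode(array('sub' => $pilotId, 'exp' => $expiry)));
    $sig  = b64url(hash_hmac('sha256', $head . '.' . $body, uniqid('', true), true));
    return $head . '.' . $body . '.' . $sig;
}

function login(PDO $db, int $pilotId, int $now): string {
    // Assumed housekeeping: drop this pilot's expired rows so only live sessions remain.
    $db->prepare('DELETE FROM smartCARS3_Sessions WHERE pilotID = ? AND expiry <= ?')
       ->execute(array($pilotId, $now));
    $expiry = $now + 604800;
    $jwt = makeSessionId($pilotId, $expiry);
    $db->prepare('INSERT INTO smartCARS3_Sessions (pilotID, sessionID, expiry) VALUES (?, ?, ?)')
       ->execute(array($pilotId, $jwt, $expiry));
    return $jwt;
}

// The signing key is discarded, so the signature cannot be recomputed later:
// a token is valid only if its exact row exists and has not expired.
function isValid(PDO $db, int $pilotId, string $sessionId, int $now): bool {
    $q = $db->prepare('SELECT 1 FROM smartCARS3_Sessions WHERE pilotID = ? AND sessionID = ? AND expiry > ?');
    $q->execute(array($pilotId, $sessionId, $now));
    return $q->fetchColumn() !== false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smartCARS3_Sessions (
    pilotID INTEGER NOT NULL, sessionID TEXT NOT NULL, expiry INTEGER NOT NULL,
    PRIMARY KEY (pilotID, sessionID))');
$rows = function () use ($db): int {
    return (int) $db->query('SELECT COUNT(*) FROM smartCARS3_Sessions')->fetchColumn();
};

$now = 1700000000;                       // constructed timestamp
$a = login($db, 42, $now);               // constructed pilot ID
$b = login($db, 42, $now);               // same pilot, same second, same expiry
echo 'tokens differ: ', var_export($a !== $b, true), "\n";
echo 'rows after two logins: ', $rows(), "\n";
echo 'both still valid: ', var_export(isValid($db, 42, $a, $now) && isValid($db, 42, $b, $now), true), "\n";
$c = login($db, 42, $now + 604801);      // a login after both sessions have expired
echo 'rows after pruning login: ', $rows(), "\n";
echo 'old token valid: ', var_export(isValid($db, 42, $a, $now + 604801), true), "\n";
```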