session_expiration.rb in rodauth-2.0.0

- old
+ new

@@ -1,13 +1,14 @@
 # frozen-string-literal: true
 
 module Rodauth
   Feature.define(:session_expiration, :SessionExpiration) do
-    error_flash "This session has expired, please login again."
+    error_flash "This session has expired, please login again"
 
     auth_value_method :max_session_lifetime, 86400
     session_key :session_created_session_key, :session_created_at
+    auth_value_method :session_expiration_error_status, 401
     auth_value_method :session_expiration_default, true
     auth_value_method :session_inactivity_timeout, 1800
     session_key :session_last_activity_session_key, :last_session_activity_at
 
     auth_value_methods :session_expiration_redirect
@@ -35,21 +36,22 @@
       end
     end
 
     def expire_session
       clear_session
+      set_redirect_error_status session_expiration_error_status
       set_redirect_error_flash session_expiration_error_flash
       redirect session_expiration_redirect
     end
 
     def session_expiration_redirect
       require_login_redirect
     end
 
-    private
-
     def update_session
       super
-      session[session_last_activity_session_key] = session[session_created_session_key] = Time.now.to_i
+      t = Time.now.to_i
+      set_session_value(session_last_activity_session_key, t)
+      set_session_value(session_created_session_key, t)
     end
   end
 end