enhanced token management by adding optional expiry refresh in token_get_record and updated session API documentation
Some checks failed
PHPUnit / test (push) Has been cancelled
Some checks failed
PHPUnit / test (push) Has been cancelled
This commit is contained in:
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* GET /api/session — verify Bearer token is still active (website session check).
|
||||
* GET /api/session — verify Bearer token is still active and return role metadata.
|
||||
*/
|
||||
|
||||
if ($method !== 'GET') {
|
||||
@ -19,9 +19,6 @@ if (!$rec) {
|
||||
}
|
||||
|
||||
$role = (string)($rec['role'] ?? '');
|
||||
if ($role === 'coach') {
|
||||
json_error('FORBIDDEN', 'Counselor accounts can only sign in through the mobile app.', 403);
|
||||
}
|
||||
|
||||
$username = '';
|
||||
if (($rec['userID'] ?? '') !== '') {
|
||||
|
||||
Reference in New Issue
Block a user