enhanced token management by adding optional expiry refresh in token_get_record and updated session API documentation
Some checks failed
PHPUnit / test (push) Has been cancelled

This commit is contained in:
2026-06-24 10:23:19 +02:00
parent b02f264b23
commit 67858d34d9
4 changed files with 43 additions and 10 deletions

View File

@ -1,7 +1,7 @@
<?php
/**
* GET /api/session — verify Bearer token is still active (website session check).
* GET /api/session — verify Bearer token is still active and return role metadata.
*/
if ($method !== 'GET') {
@ -19,9 +19,6 @@ if (!$rec) {
}
$role = (string)($rec['role'] ?? '');
if ($role === 'coach') {
json_error('FORBIDDEN', 'Counselor accounts can only sign in through the mobile app.', 403);
}
$username = '';
if (($rec['userID'] ?? '') !== '') {