fix: #9507 session reroll causes socket.io to become confused (#9534)

* fix: #9507 session reroll causes socket.io to become confused

* fix: added return

* fix: simpler logic for error handling

* fix: overly sensitive catch

public/language/en-GB/error.json

@@ -206,8 +206,11 @@
 	"no-users-selected": "No user(s) selected",
 	"invalid-home-page-route": "Invalid home page route",
 
-	"invalid-session": "Session Mismatch",
-	"invalid-session-text": "It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.",
+	"invalid-session": "Invalid Session",
+	"invalid-session-text": "It looks like your login session is no longer active. Please refresh this page.",
+
+	"session-mismatch": "Session Mismatch",
+	"session-mismatch-text": "It looks like your login session no longer matches with the server. Please refresh this page.",
 
 	"no-topics-selected": "No topics selected!",
 	"cant-move-to-same-topic": "Can't move post to same topic!",

public/src/app.js

@@ -181,9 +181,9 @@ app.cacheBuster = null;
 	app.alertError = function (message, timeout) {
 		message = (message && message.message) || message;
 
-		if (message === '[[error:invalid-session]]') {
-			app.handleInvalidSession();
-			app.logout(false);
+		if (message === '[[error:revalidate-failure]]') {
+			socket.disconnect();
+			app.reconnect();
 			return;
 		}
 
@@ -197,14 +197,27 @@ app.cacheBuster = null;
 	};
 
 	app.handleInvalidSession = function () {
+		socket.disconnect();
+		app.logout(false);
+		bootbox.alert({
+			title: '[[error:invalid-session]]',
+			message: '[[error:invalid-session-text]]',
+			closeButton: false,
+			callback: function () {
+				window.location.reload();
+			},
+		});
+	};
+
+	app.handleSessionMismatch = () => {
 		if (app.flags._login || app.flags._logout) {
 			return;
 		}
 
 		socket.disconnect();
 		bootbox.alert({
-			title: '[[error:invalid-session]]',
-			message: '[[error:invalid-session-text]]',
+			title: '[[error:session-mismatch]]',
+			message: '[[error:session-mismatch-text]]',
 			closeButton: false,
 			callback: function () {
 				window.location.reload();

public/src/sockets.js

@@ -74,9 +74,12 @@ socket = window.socket;
 
 		socket.on('checkSession', function (uid) {
 			if (parseInt(uid, 10) !== parseInt(app.user.uid, 10)) {
-				app.handleInvalidSession();
+				app.handleSessionMismatch();
 			}
 		});
+		socket.on('event:invalid_session', () => {
+			app.handleInvalidSession();
+		});
 
 		socket.on('setHostname', function (hostname) {
 			app.upstreamHost = hostname;

src/socket.io/index.js

@@ -86,7 +86,16 @@ function onDisconnect(socket) {
 	plugins.hooks.fire('action:sockets.disconnect', { socket: socket });
 }
 
-function onConnect(socket) {
+async function onConnect(socket) {
+	try {
+		await validateSession(socket, '[[error:invalid-session]]');
+	} catch (e) {
+		if (e.message === 'error:invalid-session') {
+			socket.emit('event:invalid_session');
+			return;
+		}
+	}
+
 	if (socket.uid) {
 		socket.join(`uid_${socket.uid}`);
 		socket.join('online_users');
@@ -143,7 +152,7 @@ async function onMessage(socket, payload) {
 
 	try {
 		await checkMaintenance(socket);
-		await validateSession(socket);
+		await validateSession(socket, '[[error:revalidate-failure]]');
 
 		if (Namespaces[namespace].before) {
 			await Namespaces[namespace].before(socket, eventName, params);
@@ -191,14 +200,14 @@ const getSessionAsync = util.promisify(
 	(sid, callback) => db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null))
 );
 
-async function validateSession(socket) {
+async function validateSession(socket, errorMsg) {
 	const req = socket.request;
 	if (!req.signedCookies || !req.signedCookies[nconf.get('sessionKey')]) {
 		return;
 	}
 	const sessionData = await getSessionAsync(req.signedCookies[nconf.get('sessionKey')]);
 	if (!sessionData) {
-		throw new Error('[[error:invalid-session]]');
+		throw new Error(errorMsg);
 	}
 	const result = await plugins.hooks.fire('static:sockets.validateSession', {
 		req: req,