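/**
 * Answer an XHR request to refresh the action (CSRF) tokens embedded in a page.
 *
 * Reads "session_token" and "pairs" from the request input, records which of the
 * submitted "timestamp,token" pairs pass validateTokenOwnership(), and responds
 * with a newly generated token plus the current session token and user GUID.
 *
 * @return mixed false when the request is not XHR; otherwise whatever
 *               elgg_ok_response() returns for the assembled data
 */
public function handleTokenRefreshRequest()
{
    if (!elgg_is_xhr()) {
        return false;
    }

    // The page's session_token might have expired (not matching __elgg_session in the
    // session), but we still allow it to be given to validate the tokens in the page.
    // NOTE(review): the third argument (false) presumably disables input filtering,
    // so both values are raw client data -- confirm against get_input().
    $session_token = get_input('session_token', null, false);
    $pairs = (array) get_input('pairs', array(), false);

    $valid_tokens = (object) array();
    foreach ($pairs as $pair) {
        // "pairs" is client-controlled. A nested array element would make explode()
        // raise a TypeError on PHP 8, and an element without a comma would leave
        // $token undefined. Neither can describe a token, so skip them.
        if (!is_string($pair)) {
            continue;
        }

        $parts = explode(',', $pair, 2);
        if (count($parts) !== 2) {
            continue;
        }

        list($ts, $token) = $parts;
        if ($this->validateTokenOwnership($token, $ts, $session_token)) {
            $valid_tokens->{$token} = true;
        }
    }

    // Issue a fresh token stamped with the current time.
    $ts = $this->getCurrentTime()->getTimestamp();
    $token = $this->generateActionToken($ts);

    // The payload carries the CSRF token and the session token.
    // NOTE(review): confirm the response is not cacheable by intermediaries.
    $data = array(
        'token' => array(
            '__elgg_ts' => $ts,
            '__elgg_token' => $token,
            'logged_in' => $this->session->isLoggedIn(),
        ),
        'valid_tokens' => $valid_tokens,
        'session_token' => $this->session->get('__elgg_session'),
        'user_guid' => $this->session->getLoggedInUserGuid(),
    );

    elgg_set_http_header("Content-Type: application/json;charset=utf-8");
    return elgg_ok_response($data);
}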