The isLoggedIn() method now makes sure that a jwt is in place and valid, before determining if you are logged in or not.

Author: lmajano

changelog.md

@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+* The `isLoggedIn()` method now makes sure that a jwt is in place and valid, before determining if you are logged in or not.
 * Migrated all automated tests to `focal` and `mysql8` in preparation for latest updates
 * Add support for JSON/XML/model rules source when loading rules from modules.  Each module can now load rules not only inline but from the documented external sources.
 * Ensure non-configured `rules` default to empty array

models/jwt/JwtService.cfc

@@ -166,6 +166,15 @@ component accessors="true" singleton {
 	 * Shortcut function to our authentication services to check if we are logged in
 	 */
 	boolean function isLoggedIn(){
+		// We try to authenticate because we need the JWT to be validated for the request
+		// There are ocassions where the user could have logged out but the token is still active
+		// Or the inverse, where there is no more token passed and user still logged in in session.
+		try{
+			authenticate();
+		} catch( any e ){
+			return false;
+		}
+
 		return variables.cbSecurity.getAuthService().isLoggedIn();
 	}