# Phase 5 Rollback — Session Management

## What Phase 5 Added

**New files:**
- `app/Http/Controllers/Wani/SessionController.php`

**Modified files:**
- `routes/api.php` — added SessionController import + `/session/end` + `/session/status` routes
- `app/Http/Controllers/Wani/AuthController.php` — validate endpoint now auto-creates a `wifi_sessions` row
- `app/Models/WifiSession.php` — added `token`, `status`, `plan_id`, `router_ip` to `$fillable`

**Database changes:** NONE — reuses existing `wifi_sessions` table (already has all needed columns)

## How to Roll Back (Local)

```bash
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# 1. Restore modified files
cp rollback/phase-5/api.php.before routes/api.php
cp rollback/phase-5/AuthController.php.before app/Http/Controllers/Wani/AuthController.php
cp rollback/phase-5/WifiSession.php.before app/Models/WifiSession.php

# 2. Delete new files
rm app/Http/Controllers/Wani/SessionController.php

# 3. Clear caches
php artisan config:clear
php artisan route:clear
php artisan cache:clear
```

After the rollback, the backend is back in its Phase 4 state.

## Impact If NOT Rolled Back

- **Zero functional impact** on existing JSON API
- Existing mobile-app wifi sessions logic untouched
- `WifiSession` model is **additive-only** — adding to `$fillable` is a non-breaking change (unused fields just stay empty when created elsewhere)
- Adds two new XML routes:
  - `POST /api/wani/v1/session/end`
  - `GET /api/wani/v1/session/status?token=xxx`
- Modifies `/api/wani/v1/auth/validate` to ALSO create a wifi_sessions row on success
  - Response now includes `<SessionToken>` and `<SessionId>` fields (additive, backward-compatible)

## Phase 5 Verification

### Test 1: Auth validate creates session

Run the Phase 4 auth/validate test. The response should now include:
```xml
<AccessResponse>
  <Status>AUTHORIZED</Status>
  <SessionTime>1800</SessionTime>
  <UserId>42</UserId>
  <SessionToken>new48charsessiontoken</SessionToken>
  <SessionId>103</SessionId>
</AccessResponse>
```

### Test 2: Check session status

```bash
curl "https://flutter.pmwani.net/api/wani/v1/session/status?token=PASTE_SESSION_TOKEN"
```

Expected:
```xml
<SessionStatusResponse>
  <Status>ACTIVE</Status>
  <SessionId>103</SessionId>
  <UserId>42</UserId>
  <StartedAt>2026-04-21T12:00:00+00:00</StartedAt>
  <EndedAt></EndedAt>
  <ElapsedSeconds>342</ElapsedSeconds>
  <DurationSeconds>0</DurationSeconds>
  <DataUsedBytes>0</DataUsedBytes>
</SessionStatusResponse>
```

### Test 3: End session

```bash
curl -X POST "https://flutter.pmwani.net/api/wani/v1/session/end" \
  -H "Content-Type: application/xml" \
  -d '<?xml version="1.0"?>
<SessionEnd>
  <Token>PASTE_SESSION_TOKEN</Token>
  <DataUsedBytes>524288000</DataUsedBytes>
</SessionEnd>'
```

Expected:
```xml
<SessionEndResponse>
  <Status>ENDED</Status>
  <SessionId>103</SessionId>
  <DurationSeconds>600</DurationSeconds>
  <DataUsedBytes>524288000</DataUsedBytes>
  <DataUsedMB>500</DataUsedMB>
  <EndedAt>2026-04-21T12:10:00+00:00</EndedAt>
</SessionEndResponse>
```

### Test 4: Error cases

- **Invalid token:** → `<Error><Code>SESSION_NOT_FOUND</Code></Error>`
- **Re-end same session:** → `<Error><Code>SESSION_NOT_ACTIVE</Code></Error>` (since status became 'terminated')

## Server Deployment Commands

```bash
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# Upload new + modified files
scp -P 21212 app/Http/Controllers/Wani/SessionController.php immunity@147.93.30.127:/var/www/mobile_app_backend/app/Http/Controllers/Wani/SessionController.php
scp -P 21212 app/Http/Controllers/Wani/AuthController.php immunity@147.93.30.127:/var/www/mobile_app_backend/app/Http/Controllers/Wani/AuthController.php
scp -P 21212 app/Models/WifiSession.php immunity@147.93.30.127:/var/www/mobile_app_backend/app/Models/WifiSession.php
scp -P 21212 routes/api.php immunity@147.93.30.127:/var/www/mobile_app_backend/routes/api.php

# Clear server caches
ssh immunity@147.93.30.127 -p 21212 "cd /var/www/mobile_app_backend && php artisan config:clear && php artisan route:clear && php artisan cache:clear"
```

## Server Rollback Commands

```bash
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# Restore files from backup
scp -P 21212 rollback/phase-5/api.php.before immunity@147.93.30.127:/var/www/mobile_app_backend/routes/api.php
scp -P 21212 rollback/phase-5/AuthController.php.before immunity@147.93.30.127:/var/www/mobile_app_backend/app/Http/Controllers/Wani/AuthController.php
scp -P 21212 rollback/phase-5/WifiSession.php.before immunity@147.93.30.127:/var/www/mobile_app_backend/app/Models/WifiSession.php

# Delete new controller on server
ssh immunity@147.93.30.127 -p 21212 "rm /var/www/mobile_app_backend/app/Http/Controllers/Wani/SessionController.php && cd /var/www/mobile_app_backend && php artisan config:clear && php artisan route:clear && php artisan cache:clear"
```
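
A preflight for the local and server rollback steps above, as an added example that is not part of the project's own tooling: it checks that every `.before` backup exists, is non-empty and parses, and that the routes backup does not still reference `SessionController`, which the rollback deletes. The function name `rollback_preflight` and the `pf_*` variables are assumptions; the paths are the ones listed on this page.

```shell
#!/usr/bin/env bash
# Added example (not part of the project): preflight for the Phase 5 rollback.
# Run it from the project root before the cp/scp steps, e.g.
#   rollback_preflight . && cp rollback/phase-5/api.php.before routes/api.php

# backup:target pairs taken from the rollback steps on this page
ROLLBACK_MAP="
rollback/phase-5/api.php.before:routes/api.php
rollback/phase-5/AuthController.php.before:app/Http/Controllers/Wani/AuthController.php
rollback/phase-5/WifiSession.php.before:app/Models/WifiSession.php
"

rollback_preflight() {
  pf_root="${1:-.}"
  pf_rc=0
  for pf_pair in $ROLLBACK_MAP; do
    pf_src="$pf_root/${pf_pair%%:*}"
    pf_dst="$pf_root/${pf_pair#*:}"
    # A missing or empty backup would leave the app half restored.
    if [ ! -s "$pf_src" ]; then
      echo "FAIL: backup missing or empty: $pf_src"
      pf_rc=1
      continue
    fi
    if [ ! -d "$(dirname "$pf_dst")" ]; then
      echo "FAIL: target directory missing for $pf_dst"
      pf_rc=1
    fi
    # Syntax-check the backup when the php CLI is installed.
    if command -v php >/dev/null 2>&1 && ! php -l "$pf_src" >/dev/null 2>&1; then
      echo "FAIL: PHP syntax error in $pf_src"
      pf_rc=1
    fi
  done
  # Step 2 deletes SessionController.php, so the restored routes file must not
  # reference it. The leading non-word match keeps WifiSessionController from
  # triggering a false positive.
  if grep -Eq '(^|[^A-Za-z0-9_])SessionController' \
      "$pf_root/rollback/phase-5/api.php.before" 2>/dev/null; then
    echo "FAIL: api.php.before still references SessionController"
    pf_rc=1
  fi
  return "$pf_rc"
}
```

A non-zero return means the rollback should not proceed until the listed backup is fixed; otherwise a failed `cp` or a stale routes file leaves the app importing a controller that no longer exists.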

## Important Notes

- **`wifi_sessions` table is shared** — your existing mobile app code (`WifiSessionController`) still reads/writes to it normally. The new XML endpoints are additive.
- **Phase 4 auth/validate response is backward-compatible** — only adds new fields (`SessionToken`, `SessionId`), doesn't remove or rename anything.
- **Rate limiting:**
  - `/session/end` and `/session/status` — 30 req/min per IP (higher than auth since clients may poll)
- **No background cleanup job** — expired sessions stay in DB until manually cleaned. Consider adding a daily prune later.
