Merge pull request #490 from psr7-sessions/dependabot/composer/vimeo/…

…psalm-4.27.0

Build(deps-dev): bump vimeo/psalm from 4.26.0 to 4.27.0

composer.json

@@ -38,7 +38,7 @@
         "psalm/plugin-phpunit":                   "^0.17.0",
         "roave/infection-static-analysis-plugin": "^1.22.0",
         "squizlabs/php_codesniffer":              "^3.7.1",
-        "vimeo/psalm":                            "^4.26.0"
+        "vimeo/psalm":                            "^4.27.0"
     },
     "config": {
         "allow-plugins": {

src/Storageless/Http/SessionMiddleware.php

@@ -46,6 +46,7 @@
 use PSR7Sessions\Storageless\Session\SessionInterface;
 use stdClass;
 
+use function assert;
 use function date_default_timezone_get;
 use function sprintf;
 
@@ -55,9 +56,7 @@ final class SessionMiddleware implements MiddlewareInterface
     public const SESSION_ATTRIBUTE    = 'session';
     public const DEFAULT_COOKIE       = '__Secure-slsession';
     public const DEFAULT_REFRESH_TIME = 60;
-
     private Configuration $config;
-
     private SetCookie $defaultCookie;
 
     public function __construct(
@@ -209,8 +208,12 @@ private function appendToken(SessionInterface $sessionContainer, Response $respo
 
     private function shouldTokenBeRefreshed(Token|null $token): bool
     {
+        $refreshTime = $this->clock->now()->sub(new DateInterval(sprintf('PT%sS', $this->refreshTime)));
+
+        assert($refreshTime !== false);
+
         return $token !== null
-            && $token->hasBeenIssuedBefore($this->clock->now()->sub(new DateInterval(sprintf('PT%sS', $this->refreshTime))));
+            && $token->hasBeenIssuedBefore($refreshTime);
     }
 
     /** @throws BadMethodCallException */
@@ -237,6 +240,8 @@ private function getExpirationCookie(): SetCookie
     {
         $expirationDate = $this->clock->now()->modify('-30 days');
 
+        assert($expirationDate !== false);
+
         return $this
             ->defaultCookie
             ->withValue(null)