feat: auto-rotate session after 24 hours

CHANGELOG.md

@@ -1,5 +1,7 @@
 ## Next
 
+- auto-rotate session after 24 hours ([#247](https://github.com/PostHog/posthog-android/pull/247))
+
 ## 3.14.1 - 2025-04-23
 
 - fix: Send correct `$feature_flag_response` for the `$feature_flag_called` event when calling `isFeatureEnabled` ([#244](https://github.com/PostHog/posthog-android/pull/244))

posthog/api/posthog.api

@@ -348,7 +348,12 @@ public final class com/posthog/internal/PostHogSessionManager {
 	public final fun getActiveSessionId ()Ljava/util/UUID;
 	public final fun isSessionActive ()Z
 	public final fun setSessionId (Ljava/util/UUID;)V
-	public final fun startSession ()V
+	public final fun startSession (Ljava/lang/Long;)V
+	public static synthetic fun startSession$default (Lcom/posthog/internal/PostHogSessionManager;Ljava/lang/Long;ILjava/lang/Object;)V
+}
+
+public final class com/posthog/internal/PostHogSessionManagerKt {
+	public static final field MAX_SESSION_AGE_MILLIS I
 }
 
 public final class com/posthog/internal/PostHogThreadFactory : java/util/concurrent/ThreadFactory {

posthog/src/main/java/com/posthog/PostHog.kt

@@ -1,5 +1,6 @@
 package com.posthog
 
+import com.posthog.internal.MAX_SESSION_AGE_MILLIS
 import com.posthog.internal.PostHogApi
 import com.posthog.internal.PostHogApiEndpoint
 import com.posthog.internal.PostHogMemoryPreferences
@@ -432,16 +433,18 @@ public class PostHog private constructor(
             }
 
             val mergedProperties =
-                buildProperties(
-                    newDistinctId,
-                    properties = properties,
-                    userProperties = userProperties,
-                    userPropertiesSetOnce = userPropertiesSetOnce,
-                    groups = groups,
-                    // only append shared props if not a snapshot event
-                    appendSharedProps = !snapshotEvent,
-                    // only append groups if not a group identify event and not a snapshot
-                    appendGroups = !groupIdentify,
+                enforceMaxSessionLength(
+                    buildProperties(
+                        newDistinctId,
+                        properties = properties,
+                        userProperties = userProperties,
+                        userPropertiesSetOnce = userPropertiesSetOnce,
+                        groups = groups,
+                        // only append shared props if not a snapshot event
+                        appendSharedProps = !snapshotEvent,
+                        // only append groups if not a group identify event and not a snapshot
+                        appendGroups = !groupIdentify,
+                    ),
                 )
 
             // sanitize the properties or fallback to the original properties
@@ -466,6 +469,35 @@ public class PostHog private constructor(
         }
     }
 
+    /**
+     * Because we use UUIDv7
+     * we can convert a session id into the session start timestamp
+     * and then use that to enforce the maximum session length
+     */
+    private fun enforceMaxSessionLength(buildProperties: Map<String, Any>): Map<String, Any> {
+        val sessionId = buildProperties["\$session_id"] ?: return buildProperties
+
+        val sessionStartTimestamp =
+            TimeBasedEpochGenerator.getTimestampFromUuid(UUID.fromString(sessionId.toString()))
+                ?: return buildProperties
+
+        val currentTimeMillis =
+            config?.dateProvider?.currentTimeMillis() ?: System.currentTimeMillis()
+        val sessionAge = currentTimeMillis - sessionStartTimestamp
+        if (sessionAge > MAX_SESSION_AGE_MILLIS) {
+            // rotate session
+            // update properties
+            PostHogSessionManager.endSession()
+            PostHogSessionManager.startSession(currentTimeMillis)
+            val newSessionId = PostHogSessionManager.getActiveSessionId().toString()
+            val newProps = buildProperties.toMutableMap()
+            newProps["\$session_id"] = newSessionId
+            newProps["\$window_id"] = newSessionId
+            return newProps
+        }
+        return buildProperties
+    }
+
     public override fun optIn() {
         if (!isEnabled()) {
             return

posthog/src/main/java/com/posthog/internal/PostHogSessionManager.kt

@@ -4,6 +4,8 @@ import com.posthog.PostHogInternal
 import com.posthog.vendor.uuid.TimeBasedEpochGenerator
 import java.util.UUID
 
+public const val MAX_SESSION_AGE_MILLIS: Int = 24 * 60 * 60 * 60
+
 /**
  * Class that manages the Session ID
  */
@@ -16,10 +18,15 @@ public object PostHogSessionManager {
 
     private var sessionId = sessionIdNone
 
-    public fun startSession() {
+    public fun startSession(sessionStartTime: Long? = null) {
         synchronized(sessionLock) {
             if (sessionId == sessionIdNone) {
-                sessionId = TimeBasedEpochGenerator.generate()
+                sessionId =
+                    if (sessionStartTime != null) {
+                        TimeBasedEpochGenerator.generate(sessionStartTime)
+                    } else {
+                        TimeBasedEpochGenerator.generate()
+                    }
             }
         }
     }

posthog/src/main/java/com/posthog/vendor/uuid/TimeBasedEpochGenerator.kt

@@ -142,4 +142,35 @@ internal object TimeBasedEpochGenerator {
             lock.unlock()
         }
     }
+
+    /**
+     * Extracts the Unix epoch timestamp in milliseconds from a UUID generated by this generator.
+     *
+     * @param uuid The UUID to extract the timestamp from.
+     * @return The Unix epoch timestamp in milliseconds, or null if the UUID is not a valid
+     *         Version 7 UUID.
+     */
+    fun getTimestampFromUuid(uuid: UUID): Long? {
+        // Check if it's a Version 7 UUID (version field is 7)
+        val version = (uuid.mostSignificantBits shr 12) and 0x0FL
+        if (version != TIME_BASED_EPOCH_RAW.toLong()) {
+            return null // Not a Version 7 UUID generated by this class
+        }
+
+        // Check if it's the standard UUID variant 10xx
+        val variant = (uuid.leastSignificantBits shr 62) and 0x03L
+        if (variant != 2L) {
+            return null // Not the standard UUID variant
+        }
+
+        // Split the UUID into its components
+        val parts = uuid.toString().split("-")
+
+        // The first part and first 4 chars of second part contain the high bits of the timestamp
+        val highBitsHex = parts[0] + parts[1].substring(0, 4)
+
+        // Convert the high bits from hex to decimal
+        // The UUID v7 timestamp is the number of milliseconds since Unix epoch
+        return highBitsHex.toLong(16)
+    }
 }

posthog/src/test/java/com/posthog/PostHogTest.kt

@@ -1,6 +1,9 @@
 package com.posthog
 
+import com.posthog.internal.FakePostHogDateProvider
 import com.posthog.internal.PostHogBatchEvent
+import com.posthog.internal.PostHogDateProvider
+import com.posthog.internal.PostHogDeviceDateProvider
 import com.posthog.internal.PostHogMemoryPreferences
 import com.posthog.internal.PostHogPreferences.Companion.GROUPS
 import com.posthog.internal.PostHogPrintLogger
@@ -12,6 +15,7 @@ import okhttp3.mockwebserver.MockResponse
 import org.junit.Rule
 import org.junit.rules.TemporaryFolder
 import java.io.File
+import java.util.Date
 import java.util.concurrent.Executors
 import kotlin.test.AfterTest
 import kotlin.test.Test
@@ -49,6 +53,7 @@ internal class PostHogTest {
         remoteConfig: Boolean = false,
         cachePreferences: PostHogMemoryPreferences = PostHogMemoryPreferences(),
         propertiesSanitizer: PostHogPropertiesSanitizer? = null,
+        dateProvider: PostHogDateProvider = PostHogDeviceDateProvider(),
     ): PostHogInterface {
         config =
             PostHogConfig(API_KEY, host).apply {
@@ -65,6 +70,7 @@ internal class PostHogTest {
                 this.cachePreferences = cachePreferences
                 this.propertiesSanitizer = propertiesSanitizer
                 this.remoteConfig = remoteConfig
+                this.dateProvider = dateProvider
             }
         return PostHog.withInternal(
             config,
@@ -1446,4 +1452,65 @@ internal class PostHogTest {
 
         sut.close()
     }
+
+    @Test
+    fun `reset session id after 24 hours`() {
+        val http = mockHttp()
+        val url = http.url("/")
+
+        val fakePostHogDateProvider = FakePostHogDateProvider()
+        fakePostHogDateProvider.setCurrentDate(Date())
+
+        val sut = getSut(url.toString(), preloadFeatureFlags = false, reloadFeatureFlags = false, dateProvider = fakePostHogDateProvider)
+
+        sut.capture(
+            EVENT,
+            DISTINCT_ID,
+            props,
+            userProperties = userProps,
+            userPropertiesSetOnce = userPropsOnce,
+            groups = groups,
+        )
+
+        queueExecutor.awaitExecution()
+
+        var request = http.takeRequest()
+
+        assertEquals(1, http.requestCount)
+        var content = request.body.unGzip()
+        var batch = serializer.deserialize<PostHogBatchEvent>(content.reader())
+
+        var theEvent = batch.batch.first()
+        val currentSessionId = theEvent.properties!!["\$session_id"]
+        assertNotNull(currentSessionId)
+
+        // jump forward by 24 hours
+        val oneDayLater = Date(fakePostHogDateProvider.currentDate().time + (24 * 60 * 60 * 1000))
+        fakePostHogDateProvider.setCurrentDate(oneDayLater)
+
+        sut.capture(
+            EVENT,
+            DISTINCT_ID,
+            props,
+            userProperties = userProps,
+            userPropertiesSetOnce = userPropsOnce,
+            groups = groups,
+        )
+
+        queueExecutor.shutdownAndAwaitTermination()
+
+        request = http.takeRequest()
+
+        assertEquals(2, http.requestCount)
+        content = request.body.unGzip()
+        batch = serializer.deserialize<PostHogBatchEvent>(content.reader())
+
+        theEvent = batch.batch.first()
+        val newSessionId = theEvent.properties!!["\$session_id"]
+        assertNotNull(newSessionId)
+
+        assertTrue(currentSessionId != newSessionId)
+
+        sut.close()
+    }
 }

posthog/src/test/java/com/posthog/internal/FakePostHogDateProvider.kt

@@ -29,10 +29,10 @@ internal class FakePostHogDateProvider : PostHogDateProvider {
     }
 
     override fun currentTimeMillis(): Long {
-        return System.currentTimeMillis()
+        return currentDate?.time ?: System.currentTimeMillis()
     }
 
     override fun nanoTime(): Long {
-        return System.nanoTime()
+        return currentDate?.time?.times(1000000) ?: System.nanoTime()
     }
 }

posthog/src/test/java/com/posthog/vendor/uuid/UUIDTest.kt

@@ -37,4 +37,27 @@ internal class UUIDTest {
 
         assertEquals(uuid.toString(), javaUuid.toString())
     }
+
+    @Test
+    fun `test getTimestampFromUuid can convert back to timestamp`() {
+        val uuid = TimeBasedEpochGenerator.generate()
+        assertNotNull(uuid)
+
+        val timestamp = TimeBasedEpochGenerator.getTimestampFromUuid(uuid)
+        assertNotNull(timestamp)
+    }
+
+    @Test
+    fun `test that a known UUID from posthog-js has the expected timestamp`() {
+        val uuid = UUID.fromString("0196a5a9-1a29-7eaf-8f1d-81d156d4819e")
+        val timestamp = TimeBasedEpochGenerator.getTimestampFromUuid(uuid)
+        assertEquals(1746536045097, timestamp)
+    }
+
+    @Test
+    fun `test that a known UUID from posthog-android has the expected timestamp`() {
+        val uuid = UUID.fromString("0196a5d6-ec0e-792c-a483-4a69cd57bba8")
+        val timestamp = TimeBasedEpochGenerator.getTimestampFromUuid(uuid)
+        assertEquals(1746539047950, timestamp)
+    }
 }