From 4a168ae6c0a5605244d926e00ec766a4ebf060b6 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Sat, 9 May 2026 00:58:35 +0200
Subject: [PATCH] Fix last_activity and last_seq checks.
Signed-off-by: Pol Henarejos
---
 src/usb/lwip/rest_server.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/usb/lwip/rest_server.c b/src/usb/lwip/rest_server.c
index 80ec06b..ff970cb 100644
--- a/src/usb/lwip/rest_server.c
+++ b/src/usb/lwip/rest_server.c
@@ -801,7 +801,8 @@ void rest_handle_request(rest_conn_t *conn) {
 send_json_error(conn, 401, "session_expired");
 return;
 }
- if (rest_request_get_seq(request) < session->last_seq) {
+ uint32_t req_seq = rest_request_get_seq(request);
+ if (req_seq <= session->last_seq) {
 send_json_error(conn, 401, "invalid_seq");
 return;
 }
@@ -809,6 +810,8 @@ void rest_handle_request(rest_conn_t *conn) {
 send_json_error(conn, 401, "invalid_signature");
 return;
 }
+ session->last_activity_timestamp = board_millis();
+ session->last_seq = req_seq;
 request->session = session;
 }
 if (request->method == REST_HTTP_POST && strcmp(request->path, "/device/jobs/cancel") == 0) {
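Review bot: Sequence wrap and the session's starting value are not accounted for by the new `req_seq <= session->last_seq` test in the first hunk. If `last_seq` is initialised to the same number a client uses for its first request (the initial value is not visible here), that first request is now refused with `invalid_seq`, so the session-creation path should be checked against this change. Assuming `last_seq` is also 32-bit, once it reaches `UINT32_MAX` no further request can pass; that fails closed, which is right for replay protection, but it should be documented, e.g. `/* seq must strictly increase; the session has to be re-established before the counter wraps */`. The return type of `rest_request_get_seq()` is outside the hunk, and if it is wider than `uint32_t` the new local truncates the value before it is compared. `rest_handle_request` starts and ends outside the hunk.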
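Review bot: The two assignments added after the `invalid_signature` branch in the second hunk depend on an ordering requirement that is not written down. They have to stay below signature verification, otherwise a request that never proves possession of the session key could advance `last_seq` (locking the legitimate client out) or refresh `last_activity_timestamp` (keeping an idle session alive). I would put `/* Commit seq and activity only after the signature has verified. */` above them so a later reordering does not undo the fix. The verification condition itself sits between the two hunks and is not visible, so this assumes every failure path returns before reaching these lines.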