Update: 2026-05-04 17:29:56

app/middleware/AuthMiddleware.php

@@ -31,7 +31,17 @@ final class AuthMiddleware
         $decoded = JWT::decode($token, $secret);
         
         if (!$decoded) {
-            json_error('Unauthorized: Invalid or expired token', 401);
+            // Check if it's specifically expired if your JWT class supports it, 
+            // otherwise just send the standard 401 with a code.
+            http_response_code(401);
+            header('Content-Type: application/json');
+            echo json_encode([
+                'success' => false,
+                'message' => 'انتهت صلاحية الجلسة',
+                'code'    => 'TOKEN_EXPIRED',
+                'redirect'=> '/login.php'
+            ]);
+            exit;
         }
 
         return $decoded;