From 99fcf33e68ca770d1833e43b5ca607201c03a9bd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 03:33:57 +0000
Subject: [PATCH 1/2] Initial plan


From 47add3a19bb840654976c728fa5f49a34e77e868 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 03:38:12 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E5=B0=8F=E7=A8=8B=E5=BA=8F=E6=A3=80=E6=9F=A5=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E7=8A=B6=E6=80=81=EF=BC=88checkSessionKey=EF=BC=89=E6=8E=A5?=
 =?UTF-8?q?=E5=8F=A3=E5=AE=9E=E7=8E=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Agent-Logs-Url: https://github.com/binarywang/WxJava/sessions/d488dd87-3bc7-4498-a3df-99d106a68abe

Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
---
 .../wx/miniapp/api/WxMaUserService.java          | 16 ++++++++++++++++
 .../wx/miniapp/api/impl/WxMaUserServiceImpl.java |  9 +++++++++
 .../wx/miniapp/constant/WxMaApiUrlConstants.java |  3 +++
 .../api/impl/WxMaUserServiceImplTest.java        |  6 ++++++
 4 files changed, 34 insertions(+)

diff --git a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java
index 008c025f1c..bc8b69a14f 100644
--- a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java
+++ b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/WxMaUserService.java
@@ -108,4 +108,20 @@ public interface WxMaUserService {
    * @throws WxErrorException 调用微信接口失败时抛出
    */
   WxMaCode2VerifyInfoResult getCode2VerifyInfo(String code, String checkcode) throws WxErrorException;
+
+  /**
+   * 检查登录态（checkSessionKey）.
+   * <p>
+   * 检验登录态是否有效，用于虚拟支付等场景构建用户签名前的登录态验证。
+   * 登录态有效时返回 {@code true}；登录态已失效时，微信服务端将返回错误码（如 87009），
+   * 并以 {@link me.chanjar.weixin.common.error.WxErrorException} 的形式抛出。
+   * </p>
+   * 文档地址：<a href="https://developers.weixin.qq.com/miniprogram/dev/server/API/user-login/api_checksessionkey.html">检查登录态</a>
+   *
+   * @param openid     用户唯一标识符
+   * @param sessionKey 用户的 session_key，通过 {@link #getSessionInfo(String)} 获取
+   * @return 登录态有效时返回 {@code true}
+   * @throws WxErrorException 登录态已失效或调用微信接口失败时抛出（失效时 errcode 为 87009）
+   */
+  boolean checkSessionKey(String openid, String sessionKey) throws WxErrorException;
 }
diff --git a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImpl.java b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImpl.java
index 5c850ee8a2..c9c7a7b773 100644
--- a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImpl.java
+++ b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImpl.java
@@ -19,6 +19,7 @@
 
 import java.util.Map;
 
+import static cn.binarywang.wx.miniapp.constant.WxMaApiUrlConstants.User.CHECK_SESSION_KEY_URL;
 import static cn.binarywang.wx.miniapp.constant.WxMaApiUrlConstants.User.CODE_2_VERIFY_INFO_URL;
 import static cn.binarywang.wx.miniapp.constant.WxMaApiUrlConstants.User.GET_PHONE_NUMBER_URL;
 import static cn.binarywang.wx.miniapp.constant.WxMaApiUrlConstants.User.SET_USER_STORAGE;
@@ -97,4 +98,12 @@ public WxMaCode2VerifyInfoResult getCode2VerifyInfo(String code, String checkcod
     return WxMaCode2VerifyInfoResult.fromJson(responseContent);
   }
 
+  @Override
+  public boolean checkSessionKey(String openid, String sessionKey) throws WxErrorException {
+    String signature = SignUtils.createHmacSha256Sign(openid, sessionKey);
+    String url = String.format(CHECK_SESSION_KEY_URL, openid, signature);
+    this.service.get(url, null);
+    return true;
+  }
+
 }
diff --git a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/constant/WxMaApiUrlConstants.java b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/constant/WxMaApiUrlConstants.java
index 40633ea6df..86fa58ac6c 100644
--- a/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/constant/WxMaApiUrlConstants.java
+++ b/weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/constant/WxMaApiUrlConstants.java
@@ -366,6 +366,9 @@ public interface User {
     String GET_PHONE_NUMBER_URL = "https://api.weixin.qq.com/wxa/business/getuserphonenumber";
     /** 多端登录验证接口 */
     String CODE_2_VERIFY_INFO_URL = "https://api.weixin.qq.com/wxa/sec/checkcode2verifyinfo";
+    /** 检查登录态接口 */
+    String CHECK_SESSION_KEY_URL =
+        "https://api.weixin.qq.com/wxa/checksessionkey?openid=%s&signature=%s&sig_method=hmac_sha256";
   }
 
   public interface Ocr {
diff --git a/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImplTest.java b/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImplTest.java
index 7c6d610821..5b56791e33 100644
--- a/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImplTest.java
+++ b/weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaUserServiceImplTest.java
@@ -81,4 +81,10 @@ public void testSetUserStorage() throws WxErrorException {
   public void testGetAccessToken() throws Exception{
     assertNotNull(wxService.getAccessToken(true));
   }
+
+  @Test(expectedExceptions = WxErrorException.class)
+  public void testCheckSessionKey() throws WxErrorException {
+    // 使用无效的 openid 和 sessionKey，预期微信服务端返回错误（如 errcode=87009）并抛出 WxErrorException
+    this.wxService.getUserService().checkSessionKey("invalid_openid", "invalid_session_key");
+  }
 }