Contrib.social

Reset Session dialog not triggered when inactive on admin pages

Open on Drupal.org →
Created on 29 November 2023, 9 months ago

Problem/Motivation

Reset Session dialog not triggered when inactive on admin pages.
It is displayed on homepage when there is no activity but not on admin pages and logouts the user.
On content page it doesn't show Reset Session dialog even though there is no activity.

Steps to reproduce

Enable Auto logout Module and set the timer for inactivity to 65 seconds and stay on homepage or admin page or content edit page and observe the above reported scenarios.

Installed Version

composer show drupal/autologout
name     : drupal/autologout
descrip. : Adds automated timed logout.
keywords :
versions : * 1.x-dev, * dev-1.x
type     : drupal-module
license  : GNU General Public License v2.0 or later (GPL-2.0-or-later) (OSI approved) https://spdx.org/licenses/GPL-2.0-or-later.html#licenseText
homepage : http://drupal.org/project/autologout
source   : [git] https://git.drupalcode.org/project/autologout.git a584ec7e2a51123799821bd71cd9392389f44fc1
dist     : []
path     : /var/www/html/web/modules/contrib/autologout
names    : drupal/autologout

support
source : https://git.drupalcode.org/project/autologout
issues : https://www.drupal.org/project/issues/autologout

requires
drupal/core ^9.2 || ^10
drupal/js_cookie ^1.0

requires (dev)
mpyw/phpunit-patch-serializable-comparison ^0.0.2

Drupal Core Version 10.1.5

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Active

Version

1.0

Component

User interface

Created by

🇮🇳India Bhanu951

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Bhanu951
  • Comment 9 months ago
    ad0z

    Dialog is not triggered when "Enforce auto logout on admin pages" is unchecked only, it happens because code:

        // We need a backup plan if JS is disabled.
    if (!$is_altlogout && !$refresh_only && isset($_SESSION['autologout_last'])) {
      // If time since last access is > timeout + padding, log them out.
      $diff = $now - $_SESSION['autologout_last'];
      if ($diff >= ($timeout + (int) $timeout_padding)) {
        $autologout_manager->logout();
        // User has changed so force Drupal to remake decisions based on user.
        global $theme, $theme_key;
        drupal_static_reset();

    I suppose it's because there is a bug in $refresh_only = $autologout_manager->refreshOnly(); which leads 

    function autologout_autologout_refresh_only() {
  if (!\Drupal::config('autologout.settings')->get('enforce_admin') && \Drupal::service('router.admin_context')->isAdminRoute(\Drupal::routeMatch()->getRouteObject())) {
    return TRUE;
  }

    to be executed, and 

     \Drupal::service('router.admin_context')->isAdminRoute(\Drupal::routeMatch()->getRouteObject())

    returns FALSE even for admin pages.(\Drupal::routeMatch()->getRouteObject() is NULL)
    It is caused by event priority $events[KernelEvents::REQUEST][] = ['onRequest', 100];.
    When I remove it, it starts to working as expected and \Drupal::routeMatch()->getRouteObject() returns object. I don't have time to debug it more today, but it may be good start to resolve this issue.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024