Contrib.social

User role with timeout value of 0 is getting logged out

Open on Drupal.org β†’
Created on 12 June 2024, 11 months ago
Updated 13 June 2024, 11 months ago

My user only has admin role. I've enabled Role Timeout and set admin Timeout to 0, but I'm still getting logged out.

I have a few other contrib modules that might be interfering, which is why I set this as a Support Request instead of Bug. I just want to understand how it is supposed to work.

In the AutologoutSubscriber, it's comparing $diff to timeout+timeout padding. Timeout+timeout padding is always going to be pretty small if timeout=0 (in my case, it equals 20 seconds) so I'm getting logged out as soon as I hit the site. What am I missing here? How would $diff be smaller than Timeout+timeout padding if timeout=0?

// If time since last access is > timeout + padding, log them out.
$diff = $now - $session;
if ($diff >= ($timeout + (int) $timeout_padding)) 
  $autologout_manager->logout();{
πŸ’¬ Support request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States capysara

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @capysara
  • Comment 11 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States lisagodare@gmail.com

    I believe the intent is to use `hook_autologout_prevent` for that. Specifically, the module does implement that hook, and if the user timeout is set to 0, it is deleting the relevant session variable.

      // If user has no timeout set.
  if (\Drupal::service('autologout.manager')->getUserTimeout() === 0) {
    autologout_check_session_variable();
    return TRUE;
  }
    /**
 * Helper function to unset the autologout session variable if present.
 */
function autologout_check_session_variable() {
  $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
  $session = $currentRequest->getSession()->get('autologout_last');
  if (isset($session)) {
    $currentRequest->getSession()->remove('autologout_last');
  }
}

    So in the code you're looking at: `$session` should be null (and PHP will likely convert it to 0 when doing math), `$now` will be some horrifically large number (e.g., 1718311268), and `$diff` will be equal to $now.

    A quick fix might be to implement the hook yourself, and if the user timeout is 0, set the session variable to some unreasonably high number, like "$now + $padding + 1". You'll likely want to make sure your hook implementation runs last as well.

    /**
 * Implements hook_autologout_prevent().
 */
function mymodule_autologout_prevent() {
  $manager = \Drupal::service('autologout.manager');
  // If user has no timeout set.
  if ($manager->getUserTimeout() === 0) {
    $now = \Drupal::time()->getCurrentTime();
    $padding = \Drupal::config('autologout.settings')->get('padding');
    $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
    $currentRequest->getSession()->('autologout_last', $now+$padding+1);
    return TRUE;
  }
}
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024