Contrib.social

User role with timeout value of 0 is getting logged out

Open on Drupal.org β†’
Created on 12 June 2024, 3 months ago
Updated 13 June 2024, 3 months ago

My user only has admin role. I've enabled Role Timeout and set admin Timeout to 0, but I'm still getting logged out.

I have a few other contrib modules that might be interfering, which is why I set this as a Support Request instead of Bug. I just want to understand how it is supposed to work.

In the AutologoutSubscriber, it's comparing $diff to timeout+timeout padding. Timeout+timeout padding is always going to be pretty small if timeout=0 (in my case, it equals 20 seconds) so I'm getting logged out as soon as I hit the site. What am I missing here? How would $diff be smaller than Timeout+timeout padding if timeout=0?

// If time since last access is > timeout + padding, log them out.
$diff = $now - $session;
if ($diff >= ($timeout + (int) $timeout_padding)) 
  $autologout_manager->logout();{
πŸ’¬ Support request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States capysara

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @capysara
  • Comment 3 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States lisagodare@gmail.com

    I believe the intent is to use `hook_autologout_prevent` for that. Specifically, the module does implement that hook, and if the user timeout is set to 0, it is deleting the relevant session variable.

      // If user has no timeout set.
  if (\Drupal::service('autologout.manager')->getUserTimeout() === 0) {
    autologout_check_session_variable();
    return TRUE;
  }
    /**
 * Helper function to unset the autologout session variable if present.
 */
function autologout_check_session_variable() {
  $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
  $session = $currentRequest->getSession()->get('autologout_last');
  if (isset($session)) {
    $currentRequest->getSession()->remove('autologout_last');
  }
}

    So in the code you're looking at: `$session` should be null (and PHP will likely convert it to 0 when doing math), `$now` will be some horrifically large number (e.g., 1718311268), and `$diff` will be equal to $now.

    A quick fix might be to implement the hook yourself, and if the user timeout is 0, set the session variable to some unreasonably high number, like "$now + $padding + 1". You'll likely want to make sure your hook implementation runs last as well.

    /**
 * Implements hook_autologout_prevent().
 */
function mymodule_autologout_prevent() {
  $manager = \Drupal::service('autologout.manager');
  // If user has no timeout set.
  if ($manager->getUserTimeout() === 0) {
    $now = \Drupal::time()->getCurrentTime();
    $padding = \Drupal::config('autologout.settings')->get('padding');
    $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
    $currentRequest->getSession()->('autologout_last', $now+$padding+1);
    return TRUE;
  }
}
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024