User role with timeout value of 0 is getting logged out

Created on 12 June 2024, about 1 year ago

My user only has admin role. I've enabled Role Timeout and set admin Timeout to 0, but I'm still getting logged out.

I have a few other contrib modules that might be interfering, which is why I set this as a Support Request instead of Bug. I just want to understand how it is supposed to work.

In the AutologoutSubscriber, it's comparing $diff to timeout+timeout padding. Timeout+timeout padding is always going to be pretty small if timeout=0 (in my case, it equals 20 seconds) so I'm getting logged out as soon as I hit the site. What am I missing here? How would $diff be smaller than Timeout+timeout padding if timeout=0?

// If time since last access is > timeout + padding, log them out.
$diff = $now - $session;
if ($diff >= ($timeout + (int) $timeout_padding)) {
  $autologout_manager->logout();
}

💬 Support request

Status: Active
Version: 2.0
Component: Code
Created by: 🇺🇸 United States capysara


Comments & Activities

  • Issue created by @capysara
  • 🇺🇸United States lisagodare@gmail.com

    I believe the intent is to use `hook_autologout_prevent` for that. Specifically, the module does implement that hook, and if the user timeout is set to 0, it is deleting the relevant session variable.

      // If user has no timeout set.
      if (\Drupal::service('autologout.manager')->getUserTimeout() === 0) {
        autologout_check_session_variable();
        return TRUE;
      }

    /**
     * Helper function to unset the autologout session variable if present.
     */
    function autologout_check_session_variable() {
      $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
      $session = $currentRequest->getSession()->get('autologout_last');
      if (isset($session)) {
        $currentRequest->getSession()->remove('autologout_last');
      }
    }

    So in the code you're looking at: `$session` should be null (and PHP will likely convert it to 0 when doing math), `$now` will be some horrifically large number (e.g., 1718311268), and `$diff` will be equal to $now.

    A quick fix might be to implement the hook yourself, and if the user timeout is 0, set the session variable to some unreasonably high number, like "$now + $padding + 1". You'll likely want to make sure your hook implementation runs last as well.

    /**
     * Implements hook_autologout_prevent().
     */
    function mymodule_autologout_prevent() {
      $manager = \Drupal::service('autologout.manager');
      // If user has no timeout set.
      if ($manager->getUserTimeout() === 0) {
        $now = \Drupal::time()->getCurrentTime();
        $padding = \Drupal::config('autologout.settings')->get('padding');
        $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
        // Store a last-activity value in the future so the diff stays small.
        $currentRequest->getSession()->set('autologout_last', $now + $padding + 1);
        return TRUE;
      }
    }
  • 🇸🇮Slovenia deaom

    The part of the code you're referring to should not be relevant, as there is a check above it that prevents the code from even reaching that part. The check is:

    if ($this->autoLogoutManager->preventJs()) {
      return;
    }

    I've tested this and have no issues when the admin role has the timeout set to 0. It does not log me out. I've also tried with the force on admin pages checkbox checked.

    Without knowing what other contrib or custom modules you have added, it's hard to debug where the issue lies.

    You can try coding something like @lisagodare suggested or try disabling modules and then enabling them back one by one, to see which one is interfering with the autologout.
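
A stand-alone PHP model of the comparison this thread discusses, added here as an illustration and not taken from the Autologout module. The function names are hypothetical, and the sample values are constructed apart from the timestamp and the 20-second padding quoted above.

```php
<?php
// Added illustration: models the idle-timeout comparison from this thread.
// Function names are hypothetical, not the Autologout module's API.

/**
 * The quoted comparison with no guard in front of it.
 * $lastAccess is NULL when the 'autologout_last' session value was removed.
 */
function unguarded_should_logout(int $now, ?int $lastAccess, int $timeout, int $padding): bool {
  // NULL casts to 0, so $diff becomes the full Unix timestamp.
  $diff = $now - (int) $lastAccess;
  return $diff >= ($timeout + $padding);
}

/**
 * Same comparison, but a timeout of 0 is treated as "never expire" before
 * any arithmetic happens (the role the prevent check plays in the thread).
 */
function guarded_should_logout(int $now, ?int $lastAccess, int $timeout, int $padding): bool {
  if ($timeout === 0) {
    return FALSE;
  }
  if ($lastAccess === NULL) {
    // No recorded activity: nothing to compare against, so do not log out.
    return FALSE;
  }
  return ($now - $lastAccess) >= ($timeout + $padding);
}

// Constructed cases: [last access, timeout in seconds].
$now = 1718311268;
$padding = 20;
$cases = [
  'timeout 0, session value removed' => [NULL, 0],
  'timeout 0, active 5s ago'         => [$now - 5, 0],
  'timeout 0, active 60s ago'        => [$now - 60, 0],
  'timeout 1800, active 60s ago'     => [$now - 60, 1800],
  'timeout 1800, active 1900s ago'   => [$now - 1900, 1800],
];
foreach ($cases as $label => [$last, $timeout]) {
  printf("%-34s unguarded=%-3s guarded=%s\n", $label,
    unguarded_should_logout($now, $last, $timeout, $padding) ? 'out' : 'in',
    guarded_should_logout($now, $last, $timeout, $padding) ? 'out' : 'in');
}
```

Without the guard, a timeout of 0 keeps the session only while the last recorded activity is less than the padding old; with the guard, the comparison is never reached for that role.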
