User role with timeout value of 0 is getting logged out

Created on 12 June 2024, 6 months ago
Updated 13 June 2024, 6 months ago

My user only has admin role. I've enabled Role Timeout and set admin Timeout to 0, but I'm still getting logged out.

I have a few other contrib modules that might be interfering, which is why I set this as a Support Request instead of Bug. I just want to understand how it is supposed to work.

In the AutologoutSubscriber, it's comparing $diff to timeout+timeout padding. Timeout+timeout padding is always going to be pretty small if timeout=0 (in my case, it equals 20 seconds) so I'm getting logged out as soon as I hit the site. What am I missing here? How would $diff be smaller than Timeout+timeout padding if timeout=0?

// If time since last access is > timeout + padding, log them out.
$diff = $now - $session;
if ($diff >= ($timeout + (int) $timeout_padding)) 
  $autologout_manager->logout();{
πŸ’¬ Support request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States capysara

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @capysara
  • πŸ‡ΊπŸ‡ΈUnited States lisagodare@gmail.com

    I believe the intent is to use `hook_autologout_prevent` for that. Specifically, the module does implement that hook, and if the user timeout is set to 0, it is deleting the relevant session variable.

      // If user has no timeout set.
      if (\Drupal::service('autologout.manager')->getUserTimeout() === 0) {
        autologout_check_session_variable();
        return TRUE;
      }
    /**
     * Helper function to unset the autologout session variable if present.
     */
    function autologout_check_session_variable() {
      $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
      $session = $currentRequest->getSession()->get('autologout_last');
      if (isset($session)) {
        $currentRequest->getSession()->remove('autologout_last');
      }
    }

    So in the code you're looking at: `$session` should be null (and PHP will likely convert it to 0 when doing math), `$now` will be some horrifically large number (e.g., 1718311268), and `$diff` will be equal to $now.

    A quick fix might be to implement the hook yourself, and if the user timeout is 0, set the session variable to some unreasonably high number, like "$now + $padding + 1". You'll likely want to make sure your hook implementation runs last as well.

    /**
     * Implements hook_autologout_prevent().
     */
    function mymodule_autologout_prevent() {
      $manager = \Drupal::service('autologout.manager');
      // If user has no timeout set.
      if ($manager->getUserTimeout() === 0) {
        $now = \Drupal::time()->getCurrentTime();
        $padding = \Drupal::config('autologout.settings')->get('padding');
        $currentRequest = \Drupal::service('request_stack')->getCurrentRequest();
        $currentRequest->getSession()->('autologout_last', $now+$padding+1);
        return TRUE;
      }
    }
Production build 0.71.5 2024