Fix persistent login hashes checking [#3500246]

Problem/Motivation

In persistent login after version 2.2.1, the method \Drupal\persistent_login\TokenManager::createNewTokenForUser is updated, which uses \Drupal\persistent_login\RawPersistentToken::getHashedSeries to create a new token. So, to support persistent login, we need to use the new method \Drupal\persistent_login\RawPersistentToken::getHashedSeries in autologout_autologout_prevent()

Issue fork autologout-3500246

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3500246-fix-persistent-login-support changes, plain diff MR !74
Check out this branch for the first time

Check out existing branch, if you already have it locally

1 hidden branch

3500246-fix-persistent-login-tokens-after-security-fix

compare

Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

16 January 2025 at 10:58

antonzavadski created an issue. See original summary.

Comment #2

16 January 2025 at 11:13

antonzavadski changed the visibility of the branch 3500246-fix-persistent-login-tokens-after-security-fix to hidden.

Comment #3

16 January 2025 at 11:35

antonzavadski opened merge request !74

Comment #4

31 March 2026 at 12:11

deaom made their first commit to this issue’s fork.

Comment #5

deaom commented 31 March 2026 at 12:21

Assigned:	antonzavadski	» Unassigned
Status:	Active	» Reviewed & tested by the community

I can confirm that MR works as expected, as without it, the if check is never true. Rebased branch and setting status to RTBC.

Comment #6

the_g_bomb commented 8 April 2026 at 21:58

Would it be worth mentioning anywhere that this needs an up-to-date version of persistent login? Perhaps we can add the note in the README that support is offered for version 2.2.2 onwards.

Willing to accept this as is, if not, as I don't use the module myself, and I note that 2.2.2 was a security update, so anyone running a version lower than that is running an insecure version.

Comment #7

the_g_bomb commented 8 April 2026 at 22:12

The other thought I have is that it would be better to consider using the validateToken() method per #3398250: Add persistent login module support D10. I can't say I am 100% confident about which is the best approach.

Comment #8

the_g_bomb commented 30 April 2026 at 23:31

Status:

Reviewed & tested by the community

» Fixed

Merged, thank you

Comment #9

30 April 2026 at 23:31

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Comment #10

30 April 2026 at 23:38

the_g_bomb committed 994f1dbb on 2.x authored by antonzavadski
```
#3500246 - Fix persistent login hashes checking
```

Comment #11

14 May 2026 at 23:40

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Fix persistent login hashes checking