Hi there,
For one of our high traffic websites we were experiencing issues with autologout. Autologout configuration wasn't working for certain roles. This was due to the fact the session.gc_maxlifetime
within php.ini
was set to a length of time much shorter than was configured within the autologout configuration.
So by the time the JS timeout reached the point of logging out the user, the session had already been destroyed in the backend. The garbage collector being triggered and no more nice autologout flow.
I suggest to update the README.txt and add a note there to make sure the timeout settings are configured at a lower amount of seconds than session.gc_maxlifetime
.
NOTE.
Most Drupal websites will not encounter this, since Drupal default.settings.php
suggest this value:
/**
* Set session lifetime (in seconds), i.e. the time from the user's last visit
* to the active session may be deleted by the session garbage collector. When
* a session is deleted, authenticated users are logged out, and the contents
* of the user's $_SESSION variable is discarded.
*/
ini_set('session.gc_maxlifetime', 200000);
But I believe it's good to mention.
Comment | File | Size | Author |
---|---|---|---|
#2 | readme-updated-2930955-2.patch | 522 bytes | ronaldtebrake |
|
Comments
Comment #2
ronaldtebrake CreditAttribution: ronaldtebrake as a volunteer and for Open Social commentedAttached the updated readme for the 8.x branch :)
Comment #3
ronaldtebrake CreditAttribution: ronaldtebrake as a volunteer and for Open Social commentedComment #4
nkoporecI agree this should be added to the readme.Patch applies cleanly.
Comment #6
AjitSThank you for the patch and review! Committed and pushed to 8.x-1.x
Comment #7
AjitS