Hi there,

For one of our high traffic websites we were experiencing issues with autologout. Autologout configuration wasn't working for certain roles. This was due to the fact the session.gc_maxlifetime within php.ini was set to a length of time much shorter than was configured within the autologout configuration.

So by the time the JS timeout reached the point of logging out the user, the session had already been destroyed in the backend. The garbage collector being triggered and no more nice autologout flow.

I suggest to update the README.txt and add a note there to make sure the timeout settings are configured at a lower amount of seconds than session.gc_maxlifetime.

NOTE.
Most Drupal websites will not encounter this, since Drupal default.settings.php suggest this value:

/**
 * Set session lifetime (in seconds), i.e. the time from the user's last visit
 * to the active session may be deleted by the session garbage collector. When
 * a session is deleted, authenticated users are logged out, and the contents
 * of the user's $_SESSION variable is discarded.
 */
ini_set('session.gc_maxlifetime', 200000);

But I believe it's good to mention.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

ronaldtebrake created an issue. See original summary.

ronaldtebrake’s picture

Attached the updated readme for the 8.x branch :)

ronaldtebrake’s picture

Priority: Normal » Minor
Status: Active » Needs review
nkoporec’s picture

Status: Needs review » Reviewed & tested by the community

I agree this should be added to the readme.Patch applies cleanly.

  • AjitS committed f7ad4ad on 8.x-1.x authored by ronaldtebrake
    Issue #2930955 by ronaldtebrake, nkoporec: Autologout timeout...
AjitS’s picture

Thank you for the patch and review! Committed and pushed to 8.x-1.x

AjitS’s picture

Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.