Improve documentation for Enforce auto logout on admin pages setting

Can you try going to Configuration > Automated logout settings
Then in the config form, could you tick the checkbox:
"Enforce auto logout on admin pages"
This should mean the logout settings will affect those on the admin routes as well.

Hi, Tested on Drupal 11.2.3. After enabling the option “Enforce auto logout on admin pages”, users were logged out correctly on admin routes. Working as expected. Thanks.

Great news, thanks for letting us know.

Sorry, there is a bit of "Drupalisms" at play here.

By admin routes, I did mean /admin/* pages, but I recognise now that that doesn't necessarily also obviously lend itself to include the node/*/edit page, but in this case it does. Node edit is an editor function and so is treated as an admin route. (On the /admin/ path, to be accessed by those logged in to the backend and having permissions to configure the site.)

You are correct that this setting does not affect an administrator role or any other user with admin rights.

/node/123 is a front-end page
/node/123/edit is an admin page to be accessed by an editor
/node/add also an admin page

Perhaps this ticket should become something about the wording of the setting. Happy to take suggestions on how to improve the clarity.

Perhaps just making the label clearer on the config page here would be enough.
https://git.drupalcode.org/project/autologout/-/blob/8.x-1.x/src/Form/Au...
Maybe something like:
Enable autologout on administration pages
With the description
By default, autologout keeps the session alive on administration pages. Enable this to apply autologout there too. This includes content editing pages (such as node/add and node/*/edit) on sites where "Use the administration theme when editing or creating content" is enabled.

As you may have discovered there is work ongoing to improve Drupalisms.

Do you think changing the use of admistration pages, to backend pages
Maybe something like:
"Enable autologout on backend pages"
With the description:
By default, autologout keeps the session alive on backend pages. Enable this to apply autologout there as well. This includes content editing pages (such as node/add and node/*/edit) on sites where "Use the administration theme when editing or creating content" is enabled.

While, I agree that the "administration theme" itself won't change things much, `i msy be wrong, but I think the setting at the bottom of /admin/appearance does change the node/add forms into what are deemed "admin" routes. Unchecking this would mean node/add and node/{nid}/edit pages are not treated as admin routes, which could change the functionality of autologout.

I agree that it can be difficult to describe the behaviour, and also debugging it can take time :)

For easier debugging, I added the "Automated logout info" block to both the regular, as well as the admin theme. Under administration ("back end") pages such as /admin/config/people as well as /node/add/page and see this message:

Automated logout info
Autologout does not apply on the current page, you will be kept logged in whilst this page remains open.

If under /admin/config/people/autologout "Enforce auto logout on admin pages - If checked, then users will be automatically logged out when administering the site." is enabled, I now get this message under those paths:

Automated logout info
You will be logged out in 1 min if this page is not refreshed before then.

I had a look in the code, and found this in src/AutologoutManager.php:

/**
 * Implements hook_autologout_refresh_only().
 */
function autologout_autologout_refresh_only() {
  if (!\Drupal::config('autologout.settings')->get('enforce_admin') && \Drupal::service('router.admin_context')->isAdminRoute(\Drupal::routeMatch()->getRouteObject())) {
    return TRUE;
  }
}

... and looked around for info about isAdminRoute, and found:

• #1316692: Convert hook_admin_paths() into declarative properties on routes
• https://drupal.stackexchange.com/questions/219370/how-to-test-if-current...

I verified that it is still necessary to check "Use the administration theme when editing or creating content" on the theme admin page at /admin/appearance if you want to enforce autologout behaviour from node/edit and /node/add/page pages.

Great suggestions @the_g_bomb, I do think we should perhaps stick to using the "admin page" concept, since it's such an ingrained Drupalism, but add examples of paths? I tweaked your great suggestion a bit, and perhaps the help text could be updated from:

[] Enforce auto logout on admin pages
If checked, then users will be automatically logged out when administering the site.

... to something like this?

[] Enforce automatic logout on administration pages
By default, Automated Logout keeps the session alive on administration pages, such as /admin/config/people, /node/add/page, etc. Enable this to apply Automated Logout there as well. To include content editing pages such as node/add and node/*/edit, enable "Use the administration theme when editing or creating content" under /admin/appearance. For easier debugging, enable the "Automated logout info" block for all themes.

I created an MR with a suggestion for an updated help text.

PS. I accidentally created it for 1.x-dev first ... perhaps the default branch can be set to 2.x on GitLab? Thanks! https://git.drupalcode.org/project/autologout

Also, perhaps the project page could be updated, to have a short text about the two versions (Version 2 and 1.7) and how (if) they differ here?

Old Versions

The 7.x-5.x branch was discontinued. Only use the 7.x-4.x branch releases for Drupal 7.

+1 for the movement of the default branch, unfortunately I don't have permissions to do that.

That being said, I think we should create a 3.x branch to do a major update and drop Drupal 9 and > 10.2.

Once that is out we'll be supporting 1 branch from then onwards.

Thanks for a fast reply @the_g_bomb.

Since you are by far the most active member of the project's 13 members (could be the record?) -- and the de facto maintainer of the project -- perhaps you can request getting granted the GitLab "Maintainer"-role from one of the four members with the "Maintainer"-role? https://git.drupalcode.org/project/autologout/-/project_members

Then you are also free to update the project page text, and create a 3.x branch, to facilitate future improvements, which sounds like a great plan by the way.

But all that aside, what do you think about the MR? :)

I've had a look at the MR, and it looks good.
Two thoughts, I wondered if we should alter the use of "Enforce", as I thought it sounded like it would kick people out straight away. I thought enable might sound like it was just applying the settings there as well. But happy to be talked back on this.
I also wondered if we are putting too much information in the field description now.
Perhaps a halfway house like:

By default, Automated Logout keeps the session alive on administration pages, such as /admin/config/people, etc.
Enable this to apply Automated Logout there as well.
Editing pages like node/add and node/*/edit, will also be affected if the "Use the administration theme when editing or creating content" setting is checked under /admin/appearance.

Thanks for the feedback, I agree that it got too wordy, and also that using "Enable" is more precise wording, and I updated the MR. Looking forward to hear what you think about the revised MR.

PS. If useful as inspiration, here's a "request Maintainer role" issue from another project: #3556750: Applying for 'Maintainer' role for the project Block Class on Gitlab.

Thanks for starting a discussion in #3580372: Stop overloading the term "administration" (which is now connected to this issue) it's always a good idea to revisit and adjust this kind of jargon, adopted organically over a long period, which may not be precise enough.

Feel free to change the status to "Reviewed and tested by the community" @charles belov.