Session Timeout And Authtimeout

Hi guys

I’m using authTimeout to implement my session timeouts and have overridden CWebUser so that I get flash messages both on normal logouts and on authTimeout. This works great however authTimeout seems to be getting overridden by the normal timeout, so that no flash message is display if the page is accessed or refreshed after timeout has expired.

I’ve tested this by setting timeout = 10 (seconds) and authTimeout = 5 (secs) in config.

If I refresh the page after between 5 and 10 seconds, I am redirected to login.php with a flash message.

However if I wait until after 10 seconds, I get no message.

Anyone know how to work around this other than setting timeout to a longer period?