Troubleshooting authTimeout automatic logout

I’m getting inconsistent behavior when using authTimeout to automatically log out users after a period of inactivity and need suggestions for troubleshooting. I have seen other users talk about being prematurely logged out; meanwhile, I have the opposite problem.

  • In my config/web I have authTimeout set in the user section. I set it for 3 minutes, wait that long and refresh my app, it goes to the login page. Perfect!
  • I proudly go home, come back the next morning, press refresh and the user is logged in and the in-app page is displayed!

I am using an external authentication which sends username and password from the login form to an external page which returns to me saying that the user has been authenticated. I believe part of the problem involves this, so what I would really like to do is for Yii’s automatic logout to trigger a call to the external authentication instructing it to log out the user in its system. In config/web’s user section I have an “on afterLogout” entry which does exactly this, and outputting info to the logs shows that this works correctly in the former usage I described above. In the latter (the next morning or after a long lunch), the logs show that the afterLogout code has not run. (I have tried “beforeLogout” too.)

Can anyone explain what would cause the logout to happen at one time and not another? Both are after a sufficiently long downtime. Or at least why afterLogout/beforeLogout did not run? Is there another type of event trigger I could be using for this?

In a more general sense, what is the logic path that is taken when authTimeout has expired? And can I override or add to the code executed?

Hi there,

Maybe…

authTimeout will not work if enableAutoLogin is true.

enableAutoLogin is set to false in my config/web/user.
As I said, automatic logout works correctly most of the time.