feat(auth): keep remember tokens on session timeout
- add timeout-specific logout path without remember-token revocation - reset session timers after remember-me auto login - compact session policy wording in admin settings (DE/EN) - extend auth tests for timeout/manual logout behavior
This commit is contained in:
@@ -268,6 +268,19 @@ class AuthService
|
||||
]);
|
||||
}
|
||||
|
||||
public function logoutDueToSessionTimeout(): void
|
||||
{
|
||||
$actorUserId = (int) ($this->sessionUser()['id'] ?? 0);
|
||||
$actorTenantId = $this->currentTenantIdFromSession();
|
||||
$this->sessionStore->remove('session_started_at');
|
||||
$this->sessionStore->remove('session_last_activity');
|
||||
Auth::logout();
|
||||
$this->recordAuthEvent('auth.session.timeout', 'success', [
|
||||
'actor_user_id' => $actorUserId > 0 ? $actorUserId : null,
|
||||
'actor_tenant_id' => $actorTenantId > 0 ? $actorTenantId : null,
|
||||
]);
|
||||
}
|
||||
|
||||
public function logoutAndRedirect(string $target = 'login'): void
|
||||
{
|
||||
$this->logout();
|
||||
|
||||
@@ -92,6 +92,9 @@ class RememberMeService
|
||||
|
||||
Session::regenerate();
|
||||
$this->sessionStore->set('user', $user);
|
||||
$now = time();
|
||||
$this->sessionStore->set('session_started_at', $now);
|
||||
$this->sessionStore->set('session_last_activity', $now);
|
||||
if (!empty($user['locale'])) {
|
||||
I18n::$locale = (string) $user['locale'];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user