feat(auth): keep remember tokens on session timeout

- add timeout-specific logout path without remember-token revocation

- reset session timers after remember-me auto login

- compact session policy wording in admin settings (DE/EN)

- extend auth tests for timeout/manual logout behavior
This commit is contained in:
2026-03-09 20:47:21 +01:00
parent 792af5a532
commit af8ee10930
8 changed files with 106 additions and 11 deletions

View File

@@ -92,6 +92,9 @@ class RememberMeService
Session::regenerate();
$this->sessionStore->set('user', $user);
$now = time();
$this->sessionStore->set('session_started_at', $now);
$this->sessionStore->set('session_last_activity', $now);
if (!empty($user['locale'])) {
I18n::$locale = (string) $user['locale'];
}