feat(auth): keep remember tokens on session timeout
- add timeout-specific logout path without remember-token revocation - reset session timers after remember-me auto login - compact session policy wording in admin settings (DE/EN) - extend auth tests for timeout/manual logout behavior
This commit is contained in:
@@ -79,7 +79,7 @@ if (!empty($_SESSION['user']['id'])) {
|
||||
$isAbsolute = ($now - $sessionStartedAt) > $absoluteTimeoutSeconds;
|
||||
|
||||
if ($isIdle || $isAbsolute) {
|
||||
$authService->logout();
|
||||
$authService->logoutDueToSessionTimeout();
|
||||
Flash::error(t('Your session has expired. Please log in again.'), 'login', 'session_timeout');
|
||||
Router::redirect('login');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user