Force logout function

This topic is relative to this one:

In an Elgg 2.2 installation the session never expires although I´ve done all the above steps, disabled all 3td party plugins etc, so I´ve created a funtion to force logout:

function isLoginSessionExpired() {
    if (!elgg_is_logged_in()) {
            return false;    
    //The user was logged out
    if ($user->last_login > $user->prev_last_action ) {
            return false;        
    //Timeout in seconds
    $login_session_duration = 15*60; 
    //$current_time = time();
    $user = elgg_get_logged_in_user_entity();    
        if((time() - $user->prev_last_action) > $login_session_duration){ 
            return true;            
    return false;    

And I call it from start.php of my plugin theme:

if (isLoginSessionExpired()){

BUT I´ve two problem:

  1. Sometimes when user log in, this function logout inmediately to user and he must log in again.
  2. The system message is displayed twice

Any suggestion to solve the problems or improve the code? 

  • I think last_action attribute is what you need, not prev_last_action.
    Dig through the token renewal code, there might be a way to log the user out when token is no longer refreshed via ajax

  • I tried with last_action but doesn't refresh when you load / reload the page.

    I´ve take a look to _elgg_csrf_token_refresh function and I dont see a way to logout the user, maybe invalidating session_token?, is there a way to invalidate it?

    Thanks Ismayil.    

  • Logging out invalidates session token.
    I suppose you could use JavaScript to set a timeout and execute a logout action after 15min.

Beginning Developers

Beginning Developers

This space is for newcomers, who wish to build a new plugin or to customize an existing one to their liking