234

Product support

Get help in the plugin support forum.

Categories

AutoLogout Plugin

Allowing users to log in to your site is great. But how do you make sure they get logged out? How do you protect their user sessions so they don't inadvertently give access to their sensitive data to the next person who uses the computer.

The Autologout plugin for OctoberCMS gives you all the tools you need make sure users, Frontend users and Backend Admins, get auto logged out when they should.

  • You can configure the plugin to auto logout front end users (if using the Rainlab.users plugin) and / or backend users. You can configure the idle time after which the user will be logged out.

  • The plugin comes with a default popup modal that alerts the user they are about to be timed out. The modal is completely styleable using standard CSS by targetting a class you define.

  • The plugin uses websockets to detect if the user closes the tab, closes the browser, or otherwise breaks the session with the webserver, and can use this to log the user out as well.

This plugin is offered free by Purpose Built Software, Inc. as open source software under the MIT License.

AutoLogout Warning

AutoLogout Features

  • Supports Backend Users and / or Frontend Users
  • Can enable/disable Backend/Frontend functionality seperately
  • Compatible with the 'Rainlab.User' plugin for Frontend user management
  • Can set a time out of inactivity allowed for users before getting logged out
  • Extendable for authentication facades other than Backend and Rainlab.User.

Prerequisites

The followings components need to be installed and accessible from the command line:

  • NodeJS
  • NPM
  • supervisor application for process management

Installation

  • Via OctoberCMS marketplace.
  • Via Backend Admin Panel.
    • Settings -> System -> Updates & Plugins -> Install Plugins -> Search for Auto-logout

Set Up

After installing the AutoLogout plugin from the OctoberCMS marketplace, you first need to run the plugin's setup script. Run this command from the project root:

php artisan logout:setup

This command will use NPM to install all the dependencies we need to get started.

Running AutoLogout

The plugin runs a nodejs server behind the scenes to detect if a user leaves the site. To start running the plugin, run the following command:

php artisan logout:run

Since this command must be running behind in the background, you can use supervisor to make manage the process so that it comes back up on a reboot. Please check out Using Supervisor Section.

Plugin Settings

Plugin Settings

In the plugin settings in backend admin panel there are 3 settings:

  • Port Number.
    • That Port Number that will be used in the nodejs Plugin server. That port should be open in the firewall of the server so the plugin can function properly. For more about firewalls on Ubuntu, follow this link.
    • The Default Port Number is 3000
    • Whenever this Port Number is changed, use the logout:run command to restart the nodejs server on the correct port. Rebooting the machine will also work.
  • Enable Backend AutoLogout.
    • If this checkbox is checked, the plugin will log out backend users if they leave the backend panel.
    • If this checkbox is checked, the Admins Mins of inactivity will be shown.
  • Admins Mins of inactivity.
    • Users may specify the number of minutes allowed for the session to be inactive on the site or absent from the site before getting logged out! Keep it 0 if this functionality isn't needed.

Additionally, If Rainlab.User plugin is installed, the following fields will display:

  • Enable Frontend Auto-Logout.
    • If this checkbox is checked, the plugin will log out frontend users if they leave the frontend site.
    • If this checkbox is checked, the Users Mins of inactivity will be shown.
  • Users Mins of inactivity.
    • Plus the auto-logout when the user leaves the site by specifying the number of minutes allowed for the user to be inactive on the site before getting kicked out! Keep it 0 if this functionality isn't needed.

Using Supervisor

Supervisor is process manager that ensures a process is up and running. It is able to detect if a process exits and will restart it, and also start the process on server reboot. To install it on Linux, run the following command:

sudo apt-get install supervisor

Supervisor configuration files are typically stored in the /etc/supervisor/conf.d directory. Within this directory, users may create any number of configuration files that instruct Supervisor how their processes should be monitored. For example, create a logout-worker.conf file that starts and monitors a logout:run process:

[program:autologout]
process_name=%(program_name)s_%(process_num)02d
command=php /home/forge/app.com/artisan logout:run
autostart=true
autorestart=true
user=forge
numprocs=1
redirect_stderr=true
stdout_logfile=/home/forge/app.com/autologout.log

If using Forge / Homestead to host the site, please replace the app.com in the paths with the name of your application. Otherwise ensure that the paths in the configuration file point to the appropriate file locations for the logout:run command and the logfile.

Extending

The AutoLogout plugin is using (The Builder/Manager) design pattern using a class that comes with Illuminate\Support package by default in Laravel 5. View the documentation of that class from this link. The main class that should be extended is PBS\Logout\Processor.

Processor::extend('writer', function($app)
{
    // Writer class should implement PBS\Logout\Contracts\Driver
    return new Writer($app);
});

It's important to notice that any new driver should implement PBS\Logout\Contracts\Driver interface.

Contribution Guide

Feel free to open a pull request for any fix or feature to be added to AutoLogout Plugin. Please keep in mind the following before opening a pull request:

  • We follow the PSR-2 coding standard and the PSR-4 autoloading standard. The code should follow the same standards.
  • Every single method should be documented like the Laravel community.
/**
 * Register a binding with the container.
 *
 * @param  string|array  $abstract
 * @param  \Closure|string|null  $concrete
 * @param  bool  $shared
 * @return void
 *
 * @throws \Exception
 */
public function bind($abstract, $concrete = null, $shared = false)
{
    //
}

Please note that in Laravel @param should be followed by two spaces, but we're not strict about that rule. Users can write one or two spaces.

1.0.3

Add activity timestamp to frontend users table.

Dec 17, 2019

1.0.2

Add activity timestamp to backend users table.

Dec 17, 2019

1.0.1

First version of Logout

Dec 17, 2019

Autologout is currently version 1.0 and has no upgrade guide. We will update this content as needed.