How do you logout a user from the server in PHP?

Hi

check out this blog post: Session duration on Sugar 7 | Enrico Simonetti [dot com]  

From that post you could try removing entries from oauth_tokens table.

HTH

Thanks, that's a very helpful article in general!

But it even says that just the table won't be enough:

If the entries are only removed from the database table, it will only fail to re-generate the next token as soon as the current one expires, but it will not logout the users right away.

And I believe there must be a clean method of logging a user out already available, since Sugar does that through the API and in other places. It's weird though that the same code doesn't work in an entry point or a logic hook.

Thanks, that's a very helpful article in general!

But it even says that just the table won't be enough:

If the entries are only removed from the database table, it will only fail to re-generate the next token as soon as the current one expires, but it will not logout the users right away.

And I believe there must be a clean method of logging a user out already available, since Sugar does that through the API and in other places. It's weird though that the same code doesn't work in an entry point or a logic hook.

Hi again

Yes, you're right about that bit from the blog post. Simply deleting the entry from the table will not be enough. One thing that's not exactly clear to me about your use case is if the users will still be logged in? For example, will the application still be open in their browser? Or will they close the browser without bothering to log out?

As you're probably aware the process of logging out of the application eventually hits the oauth2/logout endpoint but before doing so it's doing some clean up on the client side. I had a look on a 7.9.2 instance I have locally and as far as I can tell the first JS function that gets triggered when you logout is in the sidecar/src/core/router.js in the logout function. If you follow the flow from there you'll see that this will delegate to the logout function in sidecar/src/app.js. This function is triggering the app:logout event which has a few listeners scattered around. Without rambling on much further I don't think you can trigger a full logout strictly from the server via PHP. 

Hi Artis Plocins,

If you need a user to be logged out after X minutes since login (independently from user activity), you can achieve so by setting the configuration option as stated on the blog post:

$sugar_config['oauth2']['max_session_lifetime'] = <seconds>;

Alternatively, if you need an idle logout triggered client side, I did a POC for a similar use case quite some time ago that you could have a look at as a starting point, and see if it still works. The POC would only apply to browser based inactivity (not mobile or plugins) and it is i initiated client side. The code can be found here: GitHub - esimonetti/SugarIdleLogout: Idle based automatic logout from web browser ui 

Also, do remember that this could cause issues if the users have unsaved work on their browsers and the system logs them out.

As a disclaimer, as usual please note that any of the code changes samples provided are "as is" and it would be your responsibility to maintain and support.