How do you logout a user from the server in PHP?

I want to create a customisation that logs users out after a certain time of inactivity since closing Sugar in their browser (e.g. log out at night). I need this separate from Oauth token lifetimes so that APIs and the Outlook Plugin can still be configured to never log off.

I'm trying to find a way to log the current user out in Sugar using PHP. I've looked at these files and tried their logout implementations with appropriate adjustments in a custom logic hook and a custom entry point, but none have worked:

  • clients/base/api/OAuth2Api.php
  • modules/Users/Logout.php

Do you know of any method of logging out a user without using the browser?

  • Thanks, that's a very helpful article in general!

    But it even says that just the table won't be enough:

    If the entries are only removed from the database table, it will only fail to re-generate the next token as soon as the current one expires, but it will not logout the users right away.

    And I believe there must be a clean method of logging a user out already available, since Sugar does that through the API and in other places. It's weird though that the same code doesn't work in an entry point or a logic hook.

  • Hi again

    Yes, you're right about that bit from the blog post. Simply deleting the entry from the table will not be enough. One thing that's not exactly clear to me about your use case is if the users will still be logged in? For example, will the application still be open in their browser? Or will they close the browser without bothering to log out?

    As you're probably aware, the process of logging out of the application eventually hits the oauth2/logout endpoint, but before doing so it's doing some cleanup on the client side. I had a look on a 7.9.2 instance I have locally, and as far as I can tell the first JS function that gets triggered when you log out is in sidecar/src/core/router.js, in the logout function. If you follow the flow from there you'll see that this will delegate to the logout function in sidecar/src/app.js. This function triggers the app:logout event, which has a few listeners scattered around. Without rambling on much further, I don't think you can trigger a full logout strictly from the server via PHP.

  • Hi Artis Plocins,

    If you need a user to be logged out X minutes after login (independently of user activity), you can achieve this by setting the configuration option as stated in the blog post:

    $sugar_config['oauth2']['max_session_lifetime'] = <seconds>;

    Alternatively, if you need an idle logout triggered client side, I did a POC for a similar use case quite some time ago that you could have a look at as a starting point, and see if it still works. The POC would only apply to browser-based inactivity (not mobile or plugins) and it is initiated client side. The code can be found here: GitHub - esimonetti/SugarIdleLogout: Idle based automatic logout from web browser ui

    Also, do remember that this could cause issues if the users have unsaved work on their browsers and the system logs them out.

    As a disclaimer, as usual please note that any of the code change samples provided are "as is" and it would be your responsibility to maintain and support them.

    --

    Enrico Simonetti

    Sugar veteran (from 2007)

    www.naonis.tech


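A sketch of the client-side idle logout discussed in this thread, as an added example (not code from the thread, from Sugar, or from the SugarIdleLogout project). It persists the last-activity time so that reopening the browser after the idle window logs out on the first check; `storage`, `now`, `onLogout`, `idleMs` and the storage key are assumptions, with `onLogout` standing in for whatever triggers the application's normal logout flow.

```javascript
// Added example: idle-logout tracker with a persisted last-activity timestamp.
// In a browser, `storage` would be localStorage and `now` would be Date.now.
function createIdleLogout({ storage, now, onLogout, idleMs, key = 'lastActivityAt' }) {
  let loggedOut = false;

  // Persist the time of the latest user activity so it survives a closed tab.
  function recordActivity() {
    if (!loggedOut) storage.setItem(key, String(now()));
  }

  // Returns true (and calls onLogout exactly once) when the idle window has elapsed.
  function check() {
    if (loggedOut) return true;
    const last = Number(storage.getItem(key));
    // Missing or corrupt timestamp: treat this as the start of a new session.
    if (!Number.isFinite(last) || last <= 0) { recordActivity(); return false; }
    if (now() - last < idleMs) return false;
    loggedOut = true;
    storage.removeItem(key);
    onLogout();
    return true;
  }

  return { recordActivity, check };
}

// Constructed in-memory stand-in for localStorage so the example runs offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, v); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Constructed scenario: activity, a check one hour later, then the tab is
// closed for ten hours and a new page load runs a fresh tracker.
function demo() {
  const storage = memoryStorage();
  let clock = 1000000;
  let logouts = 0;
  const opts = { storage, now: () => clock, onLogout: () => { logouts += 1; }, idleMs: 8 * 3600 * 1000 };
  const firstLoad = createIdleLogout(opts);
  firstLoad.recordActivity();
  clock += 3600 * 1000;
  const early = firstLoad.check();
  clock += 10 * 3600 * 1000;
  const late = createIdleLogout(opts).check();
  return { early, late, logouts };
}
```

This check runs in the browser only, so it complements rather than replaces a server-side bound such as the `max_session_lifetime` setting quoted above.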