How do you log out a user from the server in PHP?

I want to create a customisation that logs users out after a certain time of inactivity since closing Sugar in their browser (e.g. log out at night). I need this separate from OAuth token lifetimes so that APIs and the Outlook Plugin can still be configured to never log off.

I'm trying to find a way to log the current user out in Sugar using PHP. I've looked at these files and tried their logout implementations with appropriate adjustments in a custom logic hook and a custom entry point, but none have worked:

  • clients/base/api/OAuth2Api.php
  • modules/Users/Logout.php

Do you know of any method of logging out a user without using the browser?

  • Hi

    check out this blog post: Session duration on Sugar 7 | Enrico Simonetti [dot com]  

    From that post you could try removing entries from oauth_tokens table.

    HTH

  • Thanks, that's a very helpful article in general!

    But it even says that just the table won't be enough:

    If the entries are only removed from the database table, it will only fail to re-generate the next token as soon as the current one expires, but it will not logout the users right away.

    And I believe there must be a clean method of logging a user out already available, since Sugar does that through the API and in other places. It's weird though that the same code doesn't work in an entry point or a logic hook.

  • Hi again

    Yes, you're right about that bit from the blog post. Simply deleting the entry from the table will not be enough. One thing that's not exactly clear to me about your use case is if the users will still be logged in? For example, will the application still be open in their browser? Or will they close the browser without bothering to log out?

    As you're probably aware, the process of logging out of the application eventually hits the oauth2/logout endpoint, but before doing so it does some cleanup on the client side. I had a look on a 7.9.2 instance I have locally and, as far as I can tell, the first JS function that gets triggered when you log out is the logout function in sidecar/src/core/router.js. If you follow the flow from there, you'll see that this delegates to the logout function in sidecar/src/app.js. This function triggers the app:logout event, which has a few listeners scattered around. Without rambling on much further, I don't think you can trigger a full logout strictly from the server via PHP.
