This is related to #581356: Session timestamp only updated on non-cached pages. The fix provided for this issue makes it so the module will never logout in cases where another module is installed that makes service calls back to the Drupal instance.
I see this on my site because I have the Instant Messenger module installed. It is configured to load a menu item, "?q=im/friendlist", on a regular interval from the Javascript it embeds on a page. Drupal than processes this query in its normal way and one of the results is the the autologout_boot() function is called and the autologout_hits session variable is updated. This causes the lastaccess session variable to be updated when the view page is actually refreshed or a non-cached page is loaded.
I'm not sure of the best way to handle this problem. I can't see a nice way to determine that these service calls should not be included in the autologout_hits session variable.
Comments
Comment #1
johnennew commentedClosing old issue.