When I took over session_limit module, I figured out how to notify the disconnected user that their session was removed. I'd like to see this type of message implemented for both the autologout and session limit parts of autologout. Right now, when a session times out, when I click to go to a page, I just get 403 denied and I'd like to have a reminder message that my 30 minute limit expired. This kind of code will do that. Instead of doing DELETE FROM {sessions}, session_limit calls this function to reset the session and set a drupal_set_message().

/**
 * Logout a specific session id and leave them a message.
 */
function _session_limit_disconnect($sid) {
  $logout_message = <<<EOM
You have been automatically logged out.
Someone else has logged in with your username and password and the maximum number of @num simultaneous sessions was exceeded.
This may indicate that your account has been compromised or that account sharing is not allowed on this site.
Please contact the site administrator if you suspect your account has been compromised.
EOM;
  $logout_message = 'messages|'. serialize(array('error' => array(t($logout_message, array('@num' => variable_get('session_limit_max', 1))))));
  db_query("UPDATE {sessions} SET uid = 0, session = '%s' WHERE sid = '%s'", $logout_message, $sid);
}

Comments

jvandervort’s picture

Version: 6.x-2.1 » 6.x-2.x-dev

Moved to the current dev head.

deekayen’s picture

Status: Needs work » Closed (fixed)

Nevermind. I improved session_limit.

deekayen’s picture

Status: Closed (fixed) » Needs work

Er... I guess I mean I'd still like to have this feature for the logged out user from the autologout side. I'm going to use session_limit for the active sessions part.

jvandervort’s picture

Status: Needs work » Fixed

committed to 6.x-2.x-dev.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.