
Request for Technical Assistance - Automatic Site Logout Implementation in ABP Framework #11801


NPECAdmin created

Our objective is to implement an automatic site logout feature after a session timeout of 14,400 seconds (4 hours) on our platform, for both normally logged-in and impersonated users. To achieve this, we have configured the Session Timeout Control in the ABP framework under Settings -> User Management. Specifically, we enabled the Session Timeout Control and set the timeout duration to 14,400 seconds.

The current behaviour allows the site to log out users only if they are inactive for the entire 14,400 seconds. However, we require the site to log out users even if they are active. To address this, we attempted to modify the response of the Authenticate API in the TokenAuthController as follows:

int expireTokenInSeconds = await SettingManager.GetSettingValueAsync<int>(AppSettings.UserManagement.SessionTimeOut.TimeOutSecond);

return new AuthenticateResultModel
{
    AccessToken = accessToken,
    ExpireInSeconds = expireTokenInSeconds,
    RefreshToken = refreshToken.token,
    RefreshTokenExpireInSeconds = expireTokenInSeconds,
    EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
    TwoFactorRememberClientToken = twoFactorRememberClientToken,
    UserId = loginResult.User.Id,
    ReturnUrl = returnUrl
};

While this modification successfully redirects the site to the logout screen after 14,400 seconds, triggered by any API call, it displays a "Current user not logged in" error message. Our objective, however, is to have the site automatically log out after 14,400 seconds without requiring an API call and handle this in the UI itself.

We seek your guidance and assistance in resolving this matter. Please provide instructions or insights on how to achieve automatic site logout after the specified duration, directly handled within the UI, without the need for additional API calls.

We are using ABP v12.2.0 with Angular.

Thank you for your support.


1 Answer(s)
  • ismcagdas created
    Support Team

    Hi @NPECAdmin

    I'm not sure if this is a good approach, but you can register a background job and send a SignalR message to the client when this time has expired. Or, as an alternative, you can do this on the client side and automatically call /account/logout when the given time has expired, but using the server side might be better since trusting client-side code is less secure.
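
A sketch of the client-side alternative from the answer above, as an added example that is not part of the thread and not ABP's own code: it derives an absolute deadline from the login time, so user activity never extends it and a page reload resumes the same deadline. All identifiers (`recordLogin`, `remainingMs`, `armAbsoluteLogout`, the storage key) are hypothetical, and because browser storage is user-editable the server still has to reject the token after the same lifetime.

```typescript
// Added example: absolute (not idle) session deadline for an Angular client.
// Every name below is hypothetical; none of it is an ABP or ASP.NET Zero API.
const SESSION_LIFETIME_SECONDS = 14_400; // 4 hours, the value from the question
const LOGIN_AT_KEY = "example.session.loginAtMs"; // hypothetical storage key

interface KeyValueStore { // structurally compatible with window.localStorage
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

// Call once, right after a successful login response.
function recordLogin(store: KeyValueStore, nowMs: number): void {
  store.setItem(LOGIN_AT_KEY, String(nowMs));
}

// Milliseconds left until the absolute deadline; activity never extends it.
// A missing, malformed or future login time counts as expired (fail closed).
function remainingMs(store: KeyValueStore, nowMs: number): number {
  const loginAt = Number(store.getItem(LOGIN_AT_KEY));
  if (!Number.isFinite(loginAt) || loginAt <= 0 || loginAt > nowMs) return 0;
  return Math.max(0, loginAt + SESSION_LIFETIME_SECONDS * 1000 - nowMs);
}

// Arm on every app start so a reload keeps the original deadline.
// onExpire is where the app would navigate to /account/logout.
function armAbsoluteLogout(
  store: KeyValueStore,
  onExpire: () => void,
  now: () => number = Date.now,
): () => void {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const check = (): void => {
    const left = remainingMs(store, now());
    if (left === 0) {
      store.removeItem(LOGIN_AT_KEY);
      onExpire();
      return;
    }
    // Re-check at least every 30 s: timers are throttled in background tabs
    // and pause while the machine sleeps, so one long setTimeout is unreliable.
    timer = setTimeout(check, Math.min(left, 30_000));
  };
  check();
  return () => { if (timer !== undefined) clearTimeout(timer); };
}
```

The function returned by `armAbsoluteLogout` cancels the pending check and should be called on a manual logout.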