Idle Session Logout – change logout redirect or change ISL message

[vevans2]

Hello,

Thank you for creating this terrific plugin!

I am especially interested in the ISL.  Is there any way to change the message that comes up with the idle user is logged out?  Ideally, I would really like to just log them out and redirect them to the login page, bypassing the message altogether.  Is there any way to do this?

Thanks again for the plugin and also for the help.

Valerie

[AITpro Admin]

To change the ISL redirect URL you would need to manually edit the code in this BPS plugin file: /bulletproof-security/includes/idle-session-logout.php at Code Lines: 77 and 109 (the code is duplicated in 2 places).  We will add additional options in ISL in BPS Pro 11.9/BPS .53.8 so that these things can be changed in ISL option settings without having to manually edit any code.

function bpsSessionExpired() {
window.location.assign("<?php echo plugins_url('/bulletproof-security/isl-logout.php'); ?>");
}

To redirect to the WP Login page instead of the ISL Logout Template file:

function bpsSessionExpired() {
window.location.assign("<?php echo site_url( '/wp-login.php' ); ?>");
}

If you want to change the ISL message that is displayed you would need to manually edit the code in the BPS ISL Logout Template file: /bulletproof-security/isl-logout.php at Code Line: 77.  Change the message text to whatever you prefer.

echo '<div id="bpsMessageTextBox">';
echo '<p>' . $bps_hostname . ' Login Session Expired</p>';
echo '<p>Your Login Session has expired due to inactivity.</p>';
echo '<p>Idle Session Logout (ISL) Time: ' . $BPS_ISL_options['bps_isl_timeout'] . ' minutes.</p>';
echo '<p><a href="' . filter_var( $url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED ) . '" style="text-decoration:underline;">Login</a> again.</p>';
echo '</div>';

[vevans2]

Wow- that you for the quick response and solution.  It works perfectly!

Thanks again,

Valerie

[AITpro Admin]

Great!  Thanks for confirming it works. In BPS Pro 11.9/BPS .53.8 the new ISL option will be named something like:  Idle Session Logout Redirect URL: http://www.example.com/wp-login.php

[vevans2]

Thanks for the heads-up about the update.

One weird thing that happened is the idle user log-out is no longer logged by my activity plugin when I changed the url in the php file.  When I changed it back, the activity log plugin was recording the log-outs again.  I don’t understand the difference, only mentioning it in case you had some insight on it.  I’m just going to use the original url and may make some adjustments to the message.  (also maybe the update will not have this issue, so looking forward to that)

Valerie

[AITpro Admin]

I assume the “activity log plugin” does not intentionally log wp-login.php page logouts for a good reason, which would be that every single logout on your site would be logged.  BPS ISL forces an automatic logout, which is identical to a user logging out of the site manually.  Also if someone does choose to use a different redirect URL other than the default /isl-logout.php URL then BPS Security Logging will not log the Idle Session Logout in the BPS Security Log file since the logging code is in the isl-logout.php file.

[AITpro Admin]

We decided to use another method of doing a redirect that will still log Idle Session Logouts in the BPS Security Log and should also work for your “activity log plugin” to log the logout.  ISL logouts are still sent to the /isl-logout.php logging template, but if someone has chosen a different Idle Session Logout Page URL setting such as, http://www.example.com/wp-login.php then a redirect condition in the /isl-logout.php logging template file will redirect ISL logouts to that Logout Page URL. The redirect happens instantly so someone would not see the standard BPS Idle Session Logout Page and would only see the WP Login page if the URL was redirecting to the WP Login page.

[vevans2]

Wow!   That’s great news.   Thank you.

Is there any way to record the log outs that occur after the browser is closed?  (I guess these are the cookie expiration log outs)

Valerie

[AITpro Admin]

ACE uses a hard logout based on Cookies and ISL uses a soft logout based on javascript event listeners and the Client Browser, which just reminded me that I need to correct the ISL Read Me help text. 😉  ACE does not log anything.  ISL will only log a logout if the Client Browser is still open and not closed.  The primary purpose for ISL is to logout idle/inactive users that are logged into your site, but are not doing anything and not so much about logging that logout event.  It would be possible to capture the user’s session and then use that session expiration to log the logout event, but since the real goal of ISL is to logout idle/inactive users and not really about logging then that additional code would probably never be created.

[vevans2]

Thank you for the detailed response.  The support for BPS is unreal.  I appreciate it!

That makes sense.  I knew it was a long shot but I had to ask.  My site is an LMS and I am required to record session length for the credentialing entity.  Also a long shot, but are there any BPS developers for hire that would be interested in creating this code extra code?

Valerie

[AITpro Admin]

That is not really what ISL and ACE are intended for or designed for.  It would be better to find a plugin that is intended to do what you are looking for.  Maybe this plugin is what you are looking for:  User Session Control:  https://wordpress.org/plugins/user-session-control/ , but it looks like the plugin only shows a real-time view of Sessions and does not record/log the Sessions.  Seems like adding additional DB or file logging would not be too difficult to add to that plugin.  So contact the author of that plugin and see if it does already log user sessions and if not then maybe that plugin author would be interested in adding that to his plugin.

[vevans2]

Thank you for the plugin suggestion.  I appreciate all the you time you gave my questions.  Looking forward to the update.

Have a great day

Valerie

[Author]

Posts