I am trying to log out user automatically in yii2 after he is idle for a fixed seconds . In web.php I added

'user' => [
            'identityClass' => 'app\models\User',
            'enableAutoLogin' => true,
            'authTimeout'=>100
        ],

inside components . I am using basic template. But it is not logging out automatically. Does this work in Yii2? I was following documentation from http://www.yiiframework.com/doc-2.0/yii-web-user.html

$authTimeout - public property.

The number of seconds in which the user will be logged out automatically if he remains inactive. If this property is not set, the user will be logged out after the current session expires (c.f. yii\web\Session::$timeout).

Note that this will not work if $enableAutoLogin is true.

Your config is correct. But it will not automatically refresh your page and show you login form. Technically it will log you out only at the next request after the session is expired. And you should be aware of ajax scripts working on your page and calling some other pages by time interval. Every request will renew your session timeout. There is also "absoluteAuthTimeout" parameter instead of "authTimeout" - that will log you out after the timeout despite of your activity.

You can also use

session.gc_maxlifetime

setting in php.ini

By default it is 1440 secs.

In your config/web.php file:

In $config array:

...

'user' => [
            'identityClass' => 'app\models\User',
            //'enableAutoLogin' => true,
            'enableSession' => true,
            'authTimeout' => 60,
        ],

...

Please note I commented the //enableAutoLogin, that prevents of authTimeout to work properly

if you want log out user after X time. You should check with ajax each second. If expired redirect to log out

Just remove "enableAutoLogin" from your user config and it will just work fine.

Your code shall look like this:

'user' => [
            'identityClass' => 'app\models\User',
            'authTimeout'=>100
        ],