In user component , in renewAuthStatus function ( github framework/web/User.php Line623 )
when the authTimeout expire the system will call the logout function with "false" as parameter
if ($expire !== null && $expire < time() || $expireAbsolute !== null && $expireAbsolute < time()) {
$this->logout(false);
}
This will logout the user and remove the idParam and not to destroy all the session info.
I’m trying to find out what is the reason behind that.
One of the purpose “maybe” is to keep those data available in case we have the enableAutoLogin set as “true” ( which will use the cookie to login the user again ) so we don’t need to query any info again.
But this really doesn’t make sense for me.
So my question does anyone know what is the purpose of logout with a "false" parameter in this case ( inside renewAuthStatus function ) ?
Thanks in advance!!