[FIX] auth_session_timeout: problem whereby page is refreshed with F5…

…, but /web is a public route, so it does not trigger the session check but it does trigger session save, so the file mtime is updated before the second HTTP call makes the check takes place, and session is not expired
OCA · Nov 15, 2024 · 313dc31 · 313dc31
1 parent 241f1b8
commit 313dc31
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/auth_session_timeout/models/ir_http.py b/auth_session_timeout/models/ir_http.py
@@ -10,7 +10,11 @@ class IrHttp(models.AbstractModel):
     @classmethod
     def _authenticate(cls, endpoint):
         res = super(IrHttp, cls)._authenticate(endpoint=endpoint)
-        auth_method = endpoint.routing["auth"]
-        if auth_method == "user" and request and request.env and request.env.user:
+        if (
+            request
+            and request.session
+            and request.session.uid
+            and not request.env["res.users"].browse(request.session.uid)._is_public()
+        ):
             request.env.user._auth_timeout_check()
         return res