[FIX] auth_session_timeout: problem whereby page is refreshed with F5…

…, but /web is a public route, so it does not trigger the session check but it does trigger session save, so the file mtime is updated before the second HTTP call makes the check takes place, and session is not expired
OCA · Aug 12, 2023 · 56e3d2d · 56e3d2d
1 parent e306bf2
commit 56e3d2d
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/auth_session_timeout/models/ir_http.py b/auth_session_timeout/models/ir_http.py
@@ -10,7 +10,11 @@ class IrHttp(models.AbstractModel):
     @classmethod
     def _authenticate(cls, endpoint):
         res = super(IrHttp, cls)._authenticate(endpoint=endpoint)
-        auth_method = endpoint.routing["auth"]
-        if auth_method == "user" and request and request.session and request.session.uid:
+        if (
+            request
+            and request.session
+            and request.session.uid
+            and not request.env["res.users"].browse(request.session.uid)._is_public()
+        ):
             request.env.user._auth_timeout_check()
         return res