added autologout module

sites/all/modules/contrib/users/autologout/LICENSE.txt

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

sites/all/modules/contrib/users/autologout/README.txt

@@ -0,0 +1,54 @@
+CONTENTS OF THIS FILE
+---------------------
+ * Introduction
+ * Requirements
+ * Recommended Modules
+ * Installation
+ * Configuration
+
+INTRODUCTION
+------------
+After a given timeout has passed, users are given a configurable session
+expiration prompt. They can reset the timeout, logout, or ignore it, in which
+case they'll be logged out after the padding time is elapsed. This is all backed
+up by a server side logout if JS is disabled or bypassed.
+
+REQUIREMENTS
+------------
+None.
+
+RECOMMENDED MODULES
+-------------------
+ * Session Limit (https://www.drupal.org/project/session_limit)
+ * Password Policy (https://www.drupal.org/project/password_policy)
+
+INSTALLATION
+------------
+ * Install as usual:
+ See https://www.drupal.org/documentation/install/modules-themes/modules-8
+ for further information.
+
+CONFIGURATION
+-------------
+* Configure permissions : Home >> Administration >> People
+  (/admin/people/permissions)
+* Configure Automated logout : Home >> Administration >> Configuration >> People
+  (/admin/config/people/autologout)
+* Configurable "Global timeout" and "Timeout padding".
+  The latter determines how much time a user has to respond to the prompt
+  and when the server side timeout will occur.
+* Configurable messaging.
+* Configurable "Redirect URL" with the destination automatically appended.
+* Configure which roles will be automatically logged out.
+* Configure if a logout will occur on admin pages.
+* Integration with ui.dialog if available.
+  This makes for attractive and more functional dialogs.
+* Configurable timeout based on user.
+* Configurable maximum timeout.
+  Primarily used when a user has permission to change their timeout value,
+  this will be a cap or maximum value they can use.
+* Order of precedence is : user timeout -> lowest role timeout -> global
+  timeout.
+* So if a user has a user timeout set, that is their timeout threshold,
+  if none is set the lowest timeout value based on all the roles the user
+  belongs to is used, if none is set the global timeout is used.

sites/all/modules/contrib/users/autologout/autologout.api.php

@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * @file
+ * Describe hooks provided by the autologout module.
+ */
+
+/**
+ * Prevent autologout logging a user out.
+ *
+ * This allows other modules to indicate that a page should not be included
+ * in the autologout checks. This works in the same way as not ticking the
+ * enforce on admin pages option for autologout which stops a user being logged
+ * out of admin pages.
+ *
+ * @return bool
+ *   Return TRUE if you do not want the user to be logged out.
+ *   Return FALSE (or nothing) if you want to leave the autologout
+ *   process alone.
+ */
+function hook_autologout_prevent() {
+  // Don't include autologout JS checks on ajax callbacks.
+  $path_args = explode('/', current_path());
+  $blacklist = [
+    'ajax',
+    'autologout_ahah_logout',
+    'autologout_ahah_set_last',
+  ];
+
+  if (in_array($path_args[0], $blacklist)) {
+    return TRUE;
+  }
+}
+
+/**
+ * Keep a login alive whilst the user is on a particular page.
+ *
+ * @return bool
+ *   By returning TRUE from this function the JS which talks to autologout
+ *   module is included in the current page request and periodically dials back
+ *   to the server to keep the login alive.
+ *   Return FALSE (or nothing) to just use the standard behaviour.
+ */
+function hook_autologout_refresh_only() {
+  // Check to see if an open admin page will keep login alive.
+  if (\Drupal::service('router.admin_context')->isAdminRoute(routeMatch()->getRouteObject()) && !\Drupal::config('autologout.settings')->get('enforce_admin')) {
+    return TRUE;
+  }
+}

sites/all/modules/contrib/users/autologout/autologout.info.yml

@@ -0,0 +1,11 @@
+name: Automated Logout
+type: module
+description: 'Adds automated timed logout.'
+# core: 8.x
+configure: autologout.set_admin
+
+# Information added by Drupal.org packaging script on 2017-05-08
+version: '8.x-1.0'
+core: '8.x'
+project: 'autologout'
+datestamp: 1494237191

sites/all/modules/contrib/users/autologout/autologout.install

@@ -0,0 +1,31 @@
+<?php
+use Drupal\Core\Database\Database;
+/**
+ * Transfer logouts time settings from configs to states.
+ */
+function autologout_update_8001(&$sandbox) {
+  $result = Database::getConnection()
+    ->select('config', 'c')
+    ->fields('c', ['name', 'data'])
+    ->condition('name', 'autologout.user.%', 'LIKE')
+    ->execute()->fetchAll();
+  if (!isset($sandbox['current'])) {
+    $sandbox['current'] = 0;
+    $sandbox['max'] = count($result);
+  }
+  $limit = 5;
+  $result = array_slice($result, $sandbox['current'], $limit);
+  foreach ($result as $row) {
+    $key = $row->name;
+    // User uid is a part of the key after. E.g. autologout.user.1 for user 1.
+    $user_id = (substr($key, 16));
+    $data = unserialize($row->data);
+    \Drupal::service('user.data')->set('autologout', $user_id, 'timeout', $data['timeout']);
+    \Drupal::service('user.data')->set('autologout', $user_id, 'enabled', $data['enabled']);
+    $sandbox['current']++;
+  }
+  $sandbox['#finished'] = empty($sandbox['max']) ? 1 : ($sandbox['current'] / $sandbox['max']);
+  if ($sandbox['#finished'] >= 1) {
+    return t('Autologout settings are successfully updated. Updated @users', ["@users" => $sandbox['max']]);
+  }
+}

sites/all/modules/contrib/users/autologout/autologout.libraries.yml

@@ -0,0 +1,9 @@
+drupal.autologout:
+  version: VERSION
+  js:
+    js/autologout.js: { weight: -2 }
+
+  dependencies:
+    - core/drupal.dialog
+    - core/drupal.ajax
+    - core/drupalSettings

sites/all/modules/contrib/users/autologout/autologout.links.menu.yml

@@ -0,0 +1,6 @@
+autologout.set_admin:
+  title: 'Automated logout settings'
+  parent: user.admin_index
+  description: 'Configure default automated logout settings.'
+  weight: -10
+  route_name: autologout.set_admin

sites/all/modules/contrib/users/autologout/autologout.module

@@ -0,0 +1,236 @@
+<?php
+
+use Drupal\Core\Url;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Routing\RouteMatchInterface;
+
+/**
+ * Implements hook_help().
+ */
+function autologout_help($route_name, RouteMatchInterface $route_match) {
+  switch ($route_name) {
+    case 'help.page.autologout':
+      $seconds = \Drupal::service('autologout.manager')->getUserTimeout();
+      $output = '';
+      $output .= '<h3>' . t('About') . '</h3>';
+      $output .= '<p>' . t("This module allows you to force site users to be logged out after a given amount of time due to inactivity after first being presented with a confirmation dialog. Your current logout threshold is %seconds seconds.", ['%seconds' => $seconds]) . '</p>';
+      return $output;
+  }
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ *
+ * Adds a field to user/edit to change that users logout.
+ */
+function autologout_form_user_form_alter(&$form, FormStateInterface $form_state) {
+  $user = \Drupal::currentUser();
+  $account = $form_state->getFormObject()->getEntity();
+  $user_id = $account->id();
+  $access = FALSE;
+
+  // If user has access to change, and they are changing their own and only
+  // their own timeout. Or they are an admin.
+  if (!\Drupal::currentUser()->isAnonymous() && (($user->hasPermission('change own logout threshold') && $user->id() == $user_id) || $user->hasPermission('administer autologout'))) {
+    $access = TRUE;
+    $autologout_data = \Drupal::service('user.data')->get('autologout', $user_id, 'timeout');
+  }
+
+  if ($access) {
+    $form['user_' . $user_id] = [
+      '#type' => 'textfield',
+      '#title' => t('Your current logout threshold'),
+      '#default_value' => isset($autologout_data) ? $autologout_data : '',
+      '#size' => 8,
+      '#description' => t('How many seconds to give a user to respond to the logout dialog before ending their session.'),
+      '#element_validate' => ['_autologout_user_uid_timeout_validate'],
+    ];
+
+    $form['actions']['submit']['#submit'][] = 'autologout_user_profile_submit';
+  }
+}
+
+/**
+ * Form validation.
+ */
+function _autologout_user_uid_timeout_validate($element, FormStateInterface $form_state) {
+  $max_timeout = \Drupal::config('autologout.settings')->get('max_timeout');
+  $timeout = $element['#value'];
+
+  // Set error if timeout isn't strictly a number between 60 and max.
+  if ($timeout != "" && ($timeout < 10 || ($timeout > 0 && $timeout < 60) || $timeout > $max_timeout || !is_numeric($timeout))) {
+    $form_state->setError($element, t('The timeout must be an integer greater than 60, and less then %max.', ['%max' => $max_timeout]));
+  }
+}
+
+/**
+ * Handle submission of timeout threshold in user/edit.
+ */
+function autologout_user_profile_submit(&$form, FormStateInterface $form_state) {
+  $user_id = $form_state->getFormObject()->getEntity()->id();
+
+  $timeout = $form_state->getValue('user_' . $user_id);
+  $enabled = ($timeout != '') ? TRUE : FALSE;
+
+  \Drupal::service('user.data')->set('autologout', $user_id, 'timeout', $timeout);
+}
+
+/**
+ * Implements hook_autologout_prevent().
+ */
+function autologout_autologout_prevent() {
+  $user = \Drupal::currentUser();
+
+  // Don't include autologout JS checks on ajax callbacks.
+  $paths = [
+    'system',
+    'autologout_ajax_get_time_left',
+    'autologout_ahah_logout',
+    'autologout_ahah_set_last',
+  ];
+  // getPath is used because Url::fromRoute('<current>')->toString() doesn't
+  // give correct path for XHR request.
+  $url = \Drupal::service('path.current')->getPath();
+  $path_args = explode('/', $url);
+  if (in_array($path_args[1], $paths)) {
+    return TRUE;
+  }
+
+  // If user is anonymous or has no timeout set.
+  if ($user->id() == 0 || (!\Drupal::service('autologout.manager')->getUserTimeout())) {
+    return TRUE;
+  }
+
+  // If the user has checked remember_me via the remember_me module.
+  $remember_me = \Drupal::service('user.data')->get('remember_me', $user->id(), 'remember_me');
+  if (!empty($remember_me)) {
+    return TRUE;
+  }
+}
+
+/**
+ * Implements hook_autologout_refresh_only().
+ */
+function autologout_autologout_refresh_only() {
+  if (!\Drupal::config('autologout.settings')->get('enforce_admin') && \Drupal::service('router.admin_context')->isAdminRoute(\Drupal::routeMatch()->getRouteObject())) {
+    return TRUE;
+  }
+}
+
+/**
+ * Implements hook_page_attachments().
+ *
+ * Add a form element to every page which is used to detect if the page was
+ * loaded from browser cache. This happens when the browser's back button is
+ * pressed for example. The JS will set the value of the hidden input element
+ * to 1 after initial load. If this is 1 on subsequent loads, the page was
+ * loaded from cache and an autologout timeout refresh needs to be triggered.
+ */
+function autologout_page_attachments(array &$page) {
+  $autologout_manager = \Drupal::service('autologout.manager');
+
+  // Check if JS should be included on this request.
+  if ($autologout_manager->preventJs()) {
+    return;
+  }
+
+  // Check if anything wants to be refresh only. This URL would include the
+  // javascript but will keep the login alive whilst that page is opened.
+  $refresh_only = $autologout_manager->refreshOnly();
+
+  $settings = \Drupal::config('autologout.settings');
+
+  $timeout = $autologout_manager->getUserTimeout();
+  $timeout_padding = $settings->get('padding');
+  $redirect_url = $settings->get('redirect_url');
+  $redirect_query = \Drupal::service('redirect.destination')->getAsArray() + ['autologout_timeout' => 1];
+  $no_dialog = $settings->get('no_dialog');
+  $use_alt_logout_method = $settings->get('use_alt_logout_method');
+
+  // Get all settings JS will need for dialog.
+  $msg = t('@msg', ['@msg' => $settings->get('message')]);
+  $settings = [
+    'timeout' => $refresh_only ? ($timeout * 500) : ($timeout * 1000),
+    'timeout_padding' => $timeout_padding * 1000,
+    'message' => t('@msg', ['@msg' => $msg]),
+    'redirect_url' => Url::fromUserInput($redirect_url, ['query' => $redirect_query])->toString(),
+    'title' => t('@name Alert', ['@name' => \Drupal::config('system.site')->get('name')]),
+    'refresh_only' => $refresh_only,
+    'no_dialog' => $no_dialog,
+    'use_alt_logout_method' => $use_alt_logout_method,
+  ];
+  // If this is an AJAX request, then the logout redirect url should still be
+  // referring to the page that generated this request.
+  if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+    global $base_url;
+    $relative_url = str_replace($base_url . '/', '', $_SERVER['HTTP_REFERER']);
+    $settings['redirect_url'] = Url::fromUserInput($redirect_url, [
+      'query' => ['destination' => urlencode($relative_url)],
+      'autologout_timeout' => 1,
+    ]);
+  }
+
+  autologout_attach_js($page, $settings, TRUE);
+
+}
+
+/**
+ * Implements hook_page_bottom().
+ */
+function autologout_page_bottom() {
+  if (!\Drupal::service('autologout.manager')->preventJs()) {
+    $page_bottom['autologout'] = [
+      '#markup' => '<form id="autologout-cache-check"><input type="hidden" id="autologout-cache-check-bit" value="0" /></form>',
+    ];
+  }
+}
+
+/**
+ * Adds the necessary js and libraries.
+ *
+ * @param array $element
+ *   The renderable array element to #attach the js to.
+ * @param array $settings
+ *   The JS Settings.
+ */
+function autologout_attach_js(&$element, $settings) {
+  $element['#attached']['drupalSettings']['autologout'] = $settings;
+  $element['#attached']['library'][] = 'autologout/drupal.autologout';
+}
+
+/**
+ * Implements hook_user_login().
+ *
+ * Delete stale sessions for the user on login. This stops
+ * session_limit module thinking the user has reached their
+ * session limit.
+ */
+function autologout_user_login($account) {
+  // Cleanup old sessions.
+  $timeout = \Drupal::service('autologout.manager')->getUserTimeout($account->id());
+
+  if (empty($timeout)) {
+    // Users that don't get logged have their sessions left.
+    return;
+  }
+
+  $timeout_padding = \Drupal::config('autologout.settings')->get('padding');
+  $timestamp = REQUEST_TIME - ($timeout + $timeout_padding);
+
+  // Find all stale sessions.
+  $database = \Drupal::database();
+  $sids = $database->select('sessions', 's')
+    ->fields('s', ['sid'])
+    ->condition('uid', $account->id())
+    ->condition('timestamp', $timestamp, '<')
+    ->orderBy('timestamp', 'DESC')
+    ->execute()
+    ->fetchCol();
+
+  if (!empty($sids)) {
+    // Delete stale sessions at login.
+    $database->delete('sessions')
+      ->condition('sid', $sids, 'IN')
+      ->execute();
+  }
+}

sites/all/modules/contrib/users/autologout/autologout.permissions.yml

@@ -0,0 +1,4 @@
+change own logout threshold:
+  title: 'Change own logout threshold'
+administer autologout:
+  title: 'Administer Autologout'

sites/all/modules/contrib/users/autologout/autologout.routing.yml

@@ -0,0 +1,34 @@
+autologout.set_admin:
+  path: '/admin/config/people/autologout'
+  defaults:
+    _form: '\Drupal\autologout\Form\AutologoutSettingsForm'
+    _title: 'Automated logout settings'
+  requirements:
+    _permission: 'administer autologout'
+
+autologout.ahah_logout:
+  path: '/autologout_ahah_logout'
+  defaults:
+    _controller: '\Drupal\autologout\Controller\AutologoutController::ahahLogout'
+  options:
+    _theme: ajax_base_page
+  requirements:
+    _user_is_logged_in: 'TRUE'
+
+autologout.ahah_set_last:
+  path: '/autologout_ahah_set_last'
+  defaults:
+    _controller: '\Drupal\autologout\Controller\AutologoutController::ahahSetLast'
+  options:
+    _theme: ajax_base_page
+  requirements:
+    _user_is_logged_in: 'TRUE'
+
+autologout.ajax_get_time_left:
+  path: '/autologout_ajax_get_time_left'
+  defaults:
+    _controller: '\Drupal\autologout\Controller\AutologoutController::ahahGetRemainingTime'
+  options:
+    _theme: ajax_base_page
+  requirements:
+    _user_is_logged_in: 'TRUE'

sites/all/modules/contrib/users/autologout/autologout.services.yml

@@ -0,0 +1,12 @@
+services:
+  autologout_event_subscriber:
+    class: Drupal\autologout\EventSubscriber\AutologoutSubscriber
+    tags:
+      - {name: event_subscriber}
+    arguments: ['@autologout.manager']
+
+  autologout.manager:
+    class: Drupal\autologout\AutologoutManager
+    tags:
+      - {name: autologout_manager}
+    arguments: ['@module_handler', '@config.factory']

sites/all/modules/contrib/users/autologout/composer.json

@@ -0,0 +1,7 @@
+{
+  "name": "drupal/autologout",
+  "description": "Adds automated timed logout.",
+  "type": "drupal-module",
+  "homepage": "http://drupal.org/project/autologout",
+  "license": "GPL-2.0+"
+}

sites/all/modules/contrib/users/autologout/config/install/autologout.settings.yml

@@ -0,0 +1,13 @@
+timeout: 1800
+max_timeout: 172800
+padding: 20
+role_logout: false
+redirect_url: /user/login
+no_dialog: false
+message: 'Your session is about to expire. Do you want to reset it?'
+inactivity_message: 'You have been logged out due to inactivity.'
+enforce_admin: false
+jstimer_format: '%hours%:%mins%:%secs%'
+jstimer_js_load_option: false
+use_alt_logout_method: false
+use_watchdog: true

sites/all/modules/contrib/users/autologout/config/schema/autologout.schema.yml

@@ -0,0 +1,64 @@
+autologout.settings:
+  type: config_object
+  mapping:
+    timeout:
+      type: integer
+      label: 'Timeout value'
+    max_timeout:
+      type: integer
+      label: 'Max timeout value'
+    padding:
+      type: integer
+      label: 'Seconds to give a user to respond'
+    role_logout:
+      type: boolean
+      label: 'Enable role timeout'
+    redirect_url:
+      type: string
+      label: 'Redirect url'
+    no_dialog:
+      type: boolean
+      label: 'Integer label'
+    message:
+      type: string
+      label: 'Message to display'
+    inactivity_message:
+      type: string
+      label: 'Message displayed after logging out'
+    enforce_admin:
+      type: boolean
+      label: 'Enable admin logout'
+    jstimer_format:
+      type: string
+      label: 'JS timer format'
+    jstimer_js_load_option:
+      type: boolean
+      label: 'JS timer load'
+    use_alt_logout_method:
+      type: boolean
+      label: 'Use alternate logout methode'
+    use_watchdog:
+      type: boolean
+      label: 'Use watchdog'
+
+autologout.role.*:
+    type: config_object
+    label: 'Role Settings'
+    mapping:
+      enabled:
+        type: boolean
+        label: 'Enabled'
+      timeout:
+        type: integer
+        label: 'Timeout'
+
+autologout.user.*:
+      type: config_object
+      label: 'User Settings'
+      mapping:
+        enabled:
+          type: boolean
+          label: 'Enabled'
+        timeout:
+          type: integer
+          label: 'Timeout'

sites/all/modules/contrib/users/autologout/js/autologout.js

@@ -0,0 +1,313 @@
+/**
+ * @file
+ * JavaScript for autologout.
+ */
+
+(function ($, Drupal) {
+
+  'use strict';
+
+  /**
+   * Attaches the batch behavior for autologout.
+   *
+   * @type {Drupal~behavior}
+   */
+  Drupal.behaviors.autologout = {
+    attach: function (context, settings) {
+      if (context !== document) {
+        return;
+      }
+
+      var paddingTimer;
+      var theDialog;
+      var t;
+      var localSettings;
+
+      // Activity is a boolean used to detect a user has
+      // interacted with the page.
+      var activity;
+
+      // Timer to keep track of activity resets.
+      var activityResetTimer;
+
+      // Prevent settings being overridden by ajax callbacks by cloning it.
+      localSettings = jQuery.extend(true, {}, settings.autologout);
+
+      // Add timer element to prevent detach of all behaviours.
+      var timerMarkup = $('<div id="timer"></div>').hide();
+      $('body').append(timerMarkup);
+
+      if (localSettings.refresh_only) {
+        // On pages where user shouldn't be logged out, don't set the timer.
+        t = setTimeout(keepAlive, localSettings.timeout);
+      }
+      else {
+        // Set no activity to start with.
+        activity = false;
+
+        // Bind formUpdated events to preventAutoLogout event.
+        $('body').bind('formUpdated', function (event) {
+          $(event.target).trigger('preventAutologout');
+        });
+
+        // Bind formUpdated events to preventAutoLogout event.
+        $('body').bind('mousemove', function (event) {
+          $(event.target).trigger('preventAutologout');
+        });
+
+        // Support for CKEditor.
+        if (typeof CKEDITOR !== 'undefined') {
+          CKEDITOR.on('instanceCreated', function (e) {
+            e.editor.on('contentDom', function () {
+              e.editor.document.on('keyup', function (event) {
+                // Keyup event in ckeditor should prevent autologout.
+                $(e.editor.element.$).trigger('preventAutologout');
+              });
+            });
+          });
+        }
+
+        $('body').bind('preventAutologout', function (event) {
+          // When the preventAutologout event fires, we set activity to true.
+          activity = true;
+
+          // Clear timer if one exists.
+          clearTimeout(activityResetTimer);
+
+          // Set a timer that goes off and resets this activity indicator after
+          // a minute, otherwise sessions never timeout.
+          activityResetTimer = setTimeout(function () {
+            activity = false;
+          }, 60000);
+        });
+
+        // On pages where the user should be logged out, set the timer to popup
+        // and log them out.
+        t = setTimeout(init, localSettings.timeout);
+      }
+
+      function init() {
+        var noDialog = settings.autologout.no_dialog;
+        if (activity) {
+          // The user has been active on the page.
+          activity = false;
+          refresh();
+        }
+        else {
+          // The user has not been active, ask them if they want to stay logged
+          // in and start the logout timer.
+          paddingTimer = setTimeout(confirmLogout, localSettings.timeout_padding);
+          // While the countdown timer is going, lookup the remaining time. If
+          // there is more time remaining (i.e. a user is navigating in another
+          // tab), then reset the timer for opening the dialog.
+          Drupal.Ajax['autologout.getTimeLeft'].autologoutGetTimeLeft(function (time) {
+            if (time > 0) {
+              clearTimeout(paddingTimer);
+              t = setTimeout(init, time);
+            }
+            else {
+              // Logout user right away without displaying a confirmation dialog.
+              if (noDialog) {
+                logout();
+                return;
+              }
+              theDialog = dialog();
+            }
+          });
+        }
+      }
+
+      function dialog() {
+        var buttons = {};
+        buttons[Drupal.t('Yes')] = function () {
+          $(this).dialog("destroy");
+          clearTimeout(paddingTimer);
+          refresh();
+        };
+
+        buttons[Drupal.t('No')] = function () {
+          $(this).dialog("destroy");
+          logout();
+        };
+
+        return $('<div id="autologout-confirm">' + localSettings.message + '</div>').dialog({
+          modal: true,
+          closeOnEscape: false,
+          width: "auto",
+          dialogClass: 'autologout-dialog',
+          title: localSettings.title,
+          buttons: buttons,
+          close: function (event, ui) {
+            logout();
+          }
+        });
+      }
+
+      // A user could have used the reset button on the tab/window they're
+      // actively using, so we need to double check before actually logging out.
+      function confirmLogout() {
+        $(theDialog).dialog('destroy');
+
+        Drupal.Ajax['autologout.getTimeLeft'].autologoutGetTimeLeft(function (time) {
+          if (time > 0) {
+            t = setTimeout(init, time);
+          }
+          else {
+            logout();
+          }
+        });
+      }
+
+      function logout() {
+        if (localSettings.use_alt_logout_method) {
+          window.location = drupalSettings.path.baseUrl + "autologout_ahah_logout";
+        }
+        else {
+          $.ajax({
+            url: drupalSettings.path.baseUrl + "autologout_ahah_logout",
+            type: "POST",
+            beforeSend: function (xhr) {
+              xhr.setRequestHeader('X-Requested-With', {
+                toString: function (){
+                  return '';
+                }
+              });
+            },
+            success: function () {
+              window.location = localSettings.redirect_url;
+            },
+            error: function (XMLHttpRequest, textStatus) {
+              if (XMLHttpRequest.status === 403 || XMLHttpRequest.status === 404) {
+                window.location = localSettings.redirect_url;
+              }
+            }
+          });
+        }
+      }
+
+      /**
+       * Get the remaining time.
+       *
+       * Use the Drupal ajax library to handle get time remaining events
+       * because if using the JS Timer, the return will update it.
+       *
+       * @param function callback(time)
+       *   The function to run when ajax is successful. The time parameter
+       *   is the time remaining for the current user in ms.
+       */
+      Drupal.Ajax.prototype.autologoutGetTimeLeft = function (callback) {
+        var ajax = this;
+
+        if (ajax.ajaxing) {
+          return false;
+        }
+        ajax.options.success = function (response, status) {
+          if (typeof response == 'string') {
+            response = $.parseJSON(response);
+          }
+          if (typeof response[0].command === 'string' && response[0].command === 'alert') {
+            // In the event of an error, we can assume user has been logged out.
+            window.location = localSettings.redirect_url;
+          }
+
+          callback(response[1].settings.time);
+
+          response[0].data = '<div id="timer" style="display: none;">' + response[0].data + '</div>';
+
+          // Let Drupal.ajax handle the JSON response.
+          return ajax.success(response, status);
+        };
+
+        try {
+          $.ajax(ajax.options);
+        }
+        catch (e) {
+          ajax.ajaxing = false;
+        }
+      };
+
+      Drupal.Ajax['autologout.getTimeLeft'] = Drupal.ajax({
+        base: null,
+        element: document.body,
+        url: drupalSettings.path.baseUrl + 'autologout_ajax_get_time_left',
+        event: 'autologout.getTimeLeft',
+        error: function (XMLHttpRequest, textStatus) {
+          // Disable error reporting to the screen.
+        }
+      });
+
+      /**
+       * Handle refresh event.
+       *
+       * Use the Drupal ajax library to handle refresh events because if using
+       * the JS Timer, the return will update it.
+       *
+       * @param function timerFunction
+       *   The function to tell the timer to run after its been restarted.
+       */
+      Drupal.Ajax.prototype.autologoutRefresh = function (timerfunction) {
+        var ajax = this;
+
+        if (ajax.ajaxing) {
+          return false;
+        }
+
+        ajax.options.success = function (response, status) {
+          if (typeof response === 'string') {
+            response = $.parseJSON(response);
+          }
+          if (typeof response[0].command === 'string' && response[0].command === 'alert') {
+            // In the event of an error, we can assume the user has been logged out.
+            window.location = localSettings.redirect_url;
+          }
+
+          t = setTimeout(timerfunction, localSettings.timeout);
+          activity = false;
+
+          // Wrap response data in timer markup to prevent detach of all behaviors.
+          response[0].data = '<div id="timer" style="display: none;">' + response[0].data + '</div>';
+
+          // Let Drupal.ajax handle the JSON response.
+          return ajax.success(response, status);
+        };
+
+        try {
+          $.ajax(ajax.options);
+        }
+        catch (e) {
+          ajax.ajaxing = false;
+        }
+      };
+
+      Drupal.Ajax['autologout.refresh'] = Drupal.ajax({
+        base: null,
+        element: document.body,
+        url: drupalSettings.path.baseUrl + 'autologout_ahah_set_last',
+        event: 'autologout.refresh',
+        error: function (XMLHttpRequest, textStatus) {
+          // Disable error reporting to the screen.
+        }
+      });
+
+      function keepAlive() {
+        Drupal.Ajax['autologout.refresh'].autologoutRefresh(keepAlive);
+      }
+
+      function refresh() {
+        Drupal.Ajax['autologout.refresh'].autologoutRefresh(init);
+      }
+
+      // Check if the page was loaded via a back button click.
+      var $dirty_bit = $('#autologout-cache-check-bit');
+      if ($dirty_bit.length !== 0) {
+        if ($dirty_bit.val() === '1') {
+          // Page was loaded via back button click, we should refresh the timer.
+          refresh();
+        }
+
+        $dirty_bit.val('1');
+      }
+    }
+  };
+
+})(jQuery, Drupal);

sites/all/modules/contrib/users/autologout/src/AutologoutManager.php

@@ -0,0 +1,195 @@
+<?php
+
+namespace Drupal\autologout;
+
+use Drupal\Core\Config\ConfigFactoryInterface;
+use Drupal\Core\Extension\ModuleHandlerInterface;
+use Drupal\user\Entity\User;
+use Drupal\Core\Session\AnonymousUserSession;
+
+/**
+ * Defines an AutologoutManager service.
+ */
+class AutologoutManager implements AutologoutManagerInterface {
+
+  /**
+   * The module manager service.
+   *
+   * @var \Drupal\Core\Extension\ModuleHandlerInterface
+   */
+  protected $moduleHandler;
+
+  /**
+   * The config object for 'autologout.settings'.
+   *
+   * @var \Drupal\Core\Config\Config
+   */
+  protected $autoLogoutSettings;
+
+  /**
+   * The config factory service.
+   *
+   * @var \Drupal\Core\Config\ConfigFactoryInterface
+   */
+  protected $configFactory;
+
+  /**
+   * Constructs an AutologoutManager object.
+   *
+   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+   *   The module handler.
+   */
+  public function __construct(ModuleHandlerInterface $module_handler, ConfigFactoryInterface $config_factory) {
+    $this->moduleHandler = $module_handler;
+    $this->autoLogoutSettings = $config_factory->get('autologout.settings');
+    $this->configFactory = $config_factory;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function preventJs() {
+    foreach ($this->moduleHandler->invokeAll('autologout_prevent') as $prevent) {
+      if (!empty($prevent)) {
+        return TRUE;
+      }
+    }
+
+    return FALSE;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function refreshOnly() {
+    foreach ($this->moduleHandler->invokeAll('autologout_refresh_only') as $module_refresh_only) {
+      if (!empty($module_refresh_only)) {
+        return TRUE;
+      }
+    }
+
+    return FALSE;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function inactivityMessage() {
+    $message = $this->autoLogoutSettings->get('inactivity_message');
+    if (!empty($message)) {
+      drupal_set_message($message);
+    }
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function logout() {
+    $user = \Drupal::currentUser();
+
+    if ($this->autoLogoutSettings->get('use_watchdog')) {
+      \Drupal::logger('user')->info('Session automatically closed for %name by autologout.', ['%name' => $user->getAccountName()]);
+    }
+
+    // Destroy the current session.
+    $this->moduleHandler->invokeAll('user_logout', [$user]);
+    \Drupal::service('session_manager')->destroy();
+    $user->setAccount(new AnonymousUserSession());
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getRoleTimeout() {
+    $roles = user_roles(TRUE);
+    $role_timeout = [];
+
+    // Go through roles, get timeouts for each and return as array.
+    foreach ($roles as $name => $role) {
+      $role_settings = $this->configFactory->get('autologout.role.' . $name);
+      if ($role_settings->get('enabled')) {
+        $timeout_role = $role_settings->get('timeout');
+        $role_timeout[$name] = $timeout_role;
+      }
+    }
+    return $role_timeout;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getRemainingTime() {
+    $timeout = $this->getUserTimeout();
+    $time_passed = isset($_SESSION['autologout_last']) ? REQUEST_TIME - $_SESSION['autologout_last'] : 0;
+    return $timeout - $time_passed;
+  }
+
+
+  /**
+   * {@inheritdoc}
+   */
+  public function createTimer() {
+    return $this->getRemainingTime();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getUserTimeout($uid = NULL) {
+    if (is_null($uid)) {
+      // If $uid is not provided, use the logged in user.
+      $user = \Drupal::currentUser();
+    }
+    else {
+      $user = User::load($uid);
+    }
+
+    if ($user->id() == 0) {
+      // Anonymous doesn't get logged out.
+      return 0;
+    }
+    $user_timeout = \Drupal::service('user.data')->get('autologout', $user->id(), 'timeout');
+
+    if (is_numeric($user_timeout)) {
+      // User timeout takes precedence.
+      return $user_timeout;
+    }
+
+    // Get role timeouts for user.
+    if ($this->autoLogoutSettings->get('role_logout')) {
+      $user_roles = $user->getRoles();
+      $output = [];
+      $timeouts = $this->getRoleTimeout();
+      foreach ($user_roles as $rid => $role) {
+        if (isset($timeouts[$role])) {
+          $output[$rid] = $timeouts[$role];
+        }
+      }
+
+      // Assign the lowest timeout value to be session timeout value.
+      if (!empty($output)) {
+        // If one of the user's roles has a unique timeout, use this.
+        return min($output);
+      }
+    }
+
+    // If no user or role override exists, return the default timeout.
+    return $this->autoLogoutSettings->get('timeout');
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function logoutRole($user) {
+    if ($this->autoLogoutSettings->get('role_logout')) {
+      foreach ($user->roles as $name => $role) {
+        if ($this->configFactory->get('autologout.role.' . $name . '.enabled')) {
+          return TRUE;
+        }
+      }
+    }
+
+    return FALSE;
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/AutologoutManagerInterface.php

@@ -0,0 +1,83 @@
+<?php
+
+namespace Drupal\autologout;
+
+/**
+ * Interface for AutologoutManager.
+ */
+interface AutologoutManagerInterface {
+
+  /**
+   * Get the timer HTML markup.
+   *
+   * @return string
+   *   HTML to insert a countdown timer.
+   */
+  public function createTimer();
+
+  /**
+   * Get the time remaining before logout.
+   *
+   * @return int
+   *   Number of seconds remaining.
+   */
+  public function getRemainingTime();
+
+  /**
+   * Go through every role to get timeout value, default is the global timeout.
+   *
+   * @return int
+   *   Number of seconds timeout set for the user role.
+   */
+  public function getRoleTimeout();
+
+  /**
+   * Get a user's timeout in seconds.
+   *
+   * @param int $uid
+   *   (Optional) Provide a user's uid to get the timeout for.
+   *   Default is the logged in user.
+   *
+   * @return int
+   *   The number of seconds the user can be idle for before being logged out.
+   *   A value of 0 means no timeout.
+   */
+  public function getUserTimeout($uid = NULL);
+
+  /**
+   * Perform Logout.
+   *
+   * Helper to perform the actual logout. Destroys the session of the logged
+   * in user.
+   */
+  public function logout();
+
+  /**
+   * Helper to determine if a given user should be autologged out.
+   */
+  public function logoutRole($user);
+
+  /**
+   * Display the inactivity message if required when the user is logged out.
+   */
+  public function inactivityMessage();
+
+  /**
+   * Determine if autologout should be prevented.
+   *
+   * @return bool
+   *   TRUE if there is a reason not to autologout
+   *   the current user on the current page.
+   */
+  public function preventJs();
+
+  /**
+   * Determine if connection should be refreshed.
+   *
+   * @return bool
+   *   TRUE if something about the current context should keep the connection
+   *   open. FALSE and the standard countdown to autologout applies.
+   */
+  public function refreshOnly();
+
+}

sites/all/modules/contrib/users/autologout/src/Controller/AutologoutController.php

@@ -0,0 +1,82 @@
+<?php
+
+namespace Drupal\autologout\Controller;
+
+use Drupal\autologout\AutologoutManagerInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Drupal\Core\Ajax;
+use Drupal\Core\Ajax\AjaxResponse;
+use Drupal\Core\Controller\ControllerBase;
+
+/**
+ * Returns responses for autologout module routes.
+ */
+class AutologoutController extends ControllerBase {
+
+  /**
+   * The autologout manager service.
+   *
+   * @var \Drupal\autologout\AutologoutManagerInterface
+   */
+  protected $autoLogoutManager;
+
+  /**
+   * Constructs an AutologoutSubscriber object.
+   *
+   * @param \Drupal\autologout\AutologoutManagerInterface $autologout
+   *   The autologout manager service.
+   */
+  public function __construct(AutologoutManagerInterface $autologout) {
+    $this->autoLogoutManager = $autologout;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('autologout.manager')
+    );
+  }
+
+  /**
+   * AJAX callback that performs the actual logout and redirects the user.
+   */
+  public function ahahLogout() {
+    $this->autoLogoutManager->logout();
+    $response = new AjaxResponse();
+    $response->setStatusCode(200);
+    return $response;
+  }
+
+  /**
+   * Ajax callback to reset the last access session variable.
+   */
+  public function ahahSetLast() {
+    $_SESSION['autologout_last'] = REQUEST_TIME;
+
+    // Reset the timer.
+    $response = new AjaxResponse();
+    $markup = $this->autoLogoutManager->createTimer();
+    $response->addCommand(new Ajax\ReplaceCommand('#timer', $markup));
+
+    return $response;
+  }
+
+  /**
+   * AJAX callback that returns the time remaining for this user is logged out.
+   */
+  public function ahahGetRemainingTime() {
+    $time_remaining_ms = $this->autoLogoutManager->getRemainingTime() * 1000;
+
+    // Reset the timer.
+    $response = new AjaxResponse();
+    $markup = $this->autoLogoutManager->createTimer();
+
+    $response->addCommand(new Ajax\ReplaceCommand('#timer', $markup));
+    $response->addCommand(new Ajax\SettingsCommand(['time' => $time_remaining_ms]));
+
+    return $response;
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/EventSubscriber/AutologoutSubscriber.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace Drupal\autologout\EventSubscriber;
+
+use Drupal\autologout\AutologoutManagerInterface;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+/**
+ * Defines autologout Subscriber.
+ */
+class AutologoutSubscriber implements EventSubscriberInterface {
+
+  /**
+   * The autologout manager service.
+   *
+   * @var \Drupal\autologout\AutologoutManagerInterface
+   */
+  protected $autoLogoutManager;
+
+  /**
+   * Constructs an AutologoutSubscriber object.
+   *
+   * @param \Drupal\autologout\AutologoutManagerInterface $autologout
+   *   The autologout manager service.
+   */
+  public function __construct(AutologoutManagerInterface $autologout) {
+    $this->autoLogoutManager = $autologout;
+  }
+
+  /**
+   * Check for autologout JS.
+   *
+   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
+   *   The request event.
+   */
+  public function onRequest(GetResponseEvent $event) {
+    $autologout_manager = \Drupal::service('autologout.manager');
+
+    $uid = \Drupal::currentUser()->id();
+
+    if ($uid == 0) {
+      if (!empty($_GET['autologout_timeout']) && $_GET['autologout_timeout'] == 1 && empty($_POST)) {
+        $autologout_manager->inactivityMessage();
+      }
+      return;
+    }
+
+    if ($this->autoLogoutManager->preventJs()) {
+      return;
+    }
+
+    $now = REQUEST_TIME;
+    // Check if anything wants to be refresh only. This URL would include the
+    // javascript but will keep the login alive whilst that page is opened.
+    $refresh_only = $autologout_manager->refreshOnly();
+    $settings = \Drupal::config('autologout.settings');
+    $timeout = $autologout_manager->getUserTimeout();
+    $timeout_padding = $settings->get('padding');
+
+    // We need a backup plan if JS is disabled.
+    if (!$refresh_only && isset($_SESSION['autologout_last'])) {
+      // If time since last access is > timeout + padding, log them out.
+      $diff = $now - $_SESSION['autologout_last'];
+      if ($diff >= ($timeout + (int) $timeout_padding)) {
+        $autologout_manager->logout();
+        // User has changed so force Drupal to remake decisions based on user.
+        global $theme, $theme_key;
+        drupal_static_reset();
+        $theme = NULL;
+        $theme_key = NULL;
+        \Drupal::theme()->getActiveTheme();
+        $autologout_manager->inactivityMessage();
+      }
+      else {
+        $_SESSION['autologout_last'] = $now;
+      }
+    }
+    else {
+      $_SESSION['autologout_last'] = $now;
+    }
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function getSubscribedEvents() {
+    $events[KernelEvents::REQUEST][] = ['onRequest', 100];
+    return $events;
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/Form/AutologoutBlockForm.php

@@ -0,0 +1,77 @@
+<?php
+
+namespace Drupal\autologout\Form;
+
+use Drupal\autologout\AutologoutManagerInterface;
+use Drupal\Core\Form\FormBase;
+use Drupal\Core\Form\FormStateInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Provides a settings for autologout module.
+ */
+class AutologoutBlockForm extends FormBase {
+
+  /**
+   * The autologout manager service.
+   *
+   * @var \Drupal\autologout\AutologoutManagerInterface
+   */
+  protected $autoLogoutManager;
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'autologout_block_settings';
+  }
+
+  /**
+   * Constructs an AutologoutBlockForm object.
+   *
+   * @param \Drupal\autologout\AutologoutManagerInterface $autologout
+   *   The autologout manager service.
+   */
+  public function __construct(AutologoutManagerInterface $autologout) {
+    $this->autoLogoutManager = $autologout;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('autologout.manager')
+    );
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildForm(array $form, FormStateInterface $form_state) {
+    $form['reset'] = [
+      '#type' => 'button',
+      '#value' => t('Reset Timeout'),
+      '#weight' => 1,
+      '#limit_validation_errors' => FALSE,
+      '#executes_submit_callback' => FALSE,
+      '#ajax' => [
+        'callback' => 'autologout_ahah_set_last',
+      ],
+    ];
+
+    $form['timer'] = [
+      '#markup' => $this->autoLogoutManager->createTimer(),
+    ];
+
+    return parent::buildForm($form, $form_state);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    // Submits on block form.
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/Form/AutologoutSettingsForm.php

@@ -0,0 +1,315 @@
+<?php
+
+namespace Drupal\autologout\Form;
+
+use Drupal\Core\Config\ConfigFactoryInterface;
+use Drupal\Core\Form\ConfigFormBase;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Extension\ModuleHandlerInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Provides settings for autologout module.
+ */
+class AutologoutSettingsForm extends ConfigFormBase {
+
+  /**
+   * The module manager service.
+   *
+   * @var \Drupal\Core\Extension\ModuleHandlerInterface
+   */
+  protected $moduleHandler;
+
+  /**
+   * Constructs an AutologoutSettingsForm object.
+   *
+   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
+   *   The factory for configuration objects.
+   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+   *   The module manager service.
+   */
+  public function __construct(ConfigFactoryInterface $config_factory, ModuleHandlerInterface $module_handler) {
+    parent::__construct($config_factory);
+    $this->moduleHandler = $module_handler;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('config.factory'),
+      $container->get('module_handler')
+    );
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getEditableConfigNames() {
+    return ['autologout.settings'];
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'autologout_settings';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function buildForm(array $form, FormStateInterface $form_state) {
+    $config = $this->config('autologout.settings');
+    $form['timeout'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Timeout value in seconds'),
+      '#default_value' => $config->get('timeout'),
+      '#size' => 8,
+      '#weight' => -10,
+      '#description' => $this->t('The length of inactivity time, in seconds, before automated log out.  Must be 60 seconds or greater. Will not be used if role timeout is activated.'),
+    ];
+
+    $form['max_timeout'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Max timeout setting'),
+      '#default_value' => $config->get('max_timeout'),
+      '#size' => 10,
+      '#maxlength' => 12,
+      '#weight' => -8,
+      '#description' => $this->t('The maximum logout threshold time that can be set by users who have the permission to set user level timeouts.'),
+    ];
+
+    $form['padding'] = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Timeout padding'),
+      '#default_value' => $config->get('padding'),
+      '#size' => 8,
+      '#weight' => -6,
+      '#description' => $this->t('How many seconds to give a user to respond to the logout dialog before ending their session.'),
+    ];
+
+    $form['role_logout'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Role Timeout'),
+      '#default_value' => $config->get('role_logout'),
+      '#weight' => -4,
+      '#description' => $this->t('Enable each role to have its own timeout threshold, a refresh maybe required for changes to take effect. Any role not ticked will use the default timeout value. Any role can have a value of 0 which means that they will never be logged out.'),
+    ];
+
+    $form['redirect_url']  = [
+      '#type' => 'textfield',
+      '#title' => $this->t('Redirect URL at logout'),
+      '#default_value' => $config->get('redirect_url'),
+      '#size' => 40,
+      '#description' => $this->t('Send users to this internal page when they are logged out.'),
+    ];
+
+    $form['no_dialog'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Do not display the logout dialog'),
+      '#default_value' => $config->get('no_dialog'),
+      '#description' => $this->t('Enable this if you want users to logout right away and skip displaying the logout dialog.'),
+    ];
+
+    $form['use_alt_logout_method'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Use alternate logout method'),
+      '#default_value' => $config->get('use_alt_logout_method'),
+      '#description' => $this->t('Normally when auto logout is triggered, it is done via an AJAX service call. Sites that use an SSO provider, such as CAS, are likely to see this request fail with the error "Origin is not allowed by Access-Control-Allow-Origin". The alternate approach is to have the auto logout trigger a page redirect to initiate the logout process instead.'),
+    ];
+
+    $form['message']  = [
+      '#type' => 'textarea',
+      '#title' => $this->t('Message to display in the logout dialog'),
+      '#default_value' => $config->get('message'),
+      '#size' => 40,
+      '#description' => $this->t('This message must be plain text as it might appear in a JavaScript confirm dialog.'),
+    ];
+
+    $form['inactivity_message']  = [
+      '#type' => 'textarea',
+      '#title' => $this->t('Message to display to the user after they are logged out.'),
+      '#default_value' => $config->get('inactivity_message'),
+      '#size' => 40,
+      '#description' => $this->t('This message is displayed after the user was logged out due to inactivity. You can leave this blank to show no message to the user.'),
+    ];
+
+    $form['use_watchdog'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Enable watchdog Automated Logout logging'),
+      '#default_value' => $config->get('use_watchdog'),
+      '#description' => $this->t('Enable logging of automatically logged out users'),
+    ];
+
+    $form['enforce_admin'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Enforce auto logout on admin pages'),
+      '#default_value' => $config->get('enforce_admin'),
+      '#description' => $this->t('If checked, then users will be automatically logged out when administering the site.'),
+    ];
+
+    if ($this->moduleHandler->moduleExists('jstimer') && $this->moduleHandler->moduleExists('jst_timer')) {
+      $form['jstimer_format']  = [
+        '#type' => 'textfield',
+        '#title' => $this->t('Autologout block time format'),
+        '#default_value' => $config->get('jstimer_format'),
+        '#description' => $this->t('Change the display of the dynamic timer.  Available replacement values are: %day%, %month%, %year%, %dow%, %moy%, %years%, %ydays%, %days%, %hours%, %mins%, and %secs%.'),
+      ];
+    }
+
+    $form['table'] = [
+      '#type' => 'table',
+      '#weight' => -2,
+      '#header' => [
+        'enable' => $this->t('Enable'),
+        'name' => $this->t('Role Name'),
+        'timeout' => $this->t('Timeout (seconds)'),
+      ],
+      '#title' => $this->t('If Enabled every user in role will be logged out based on that roles timeout, unless the user has an individual timeout set.'),
+      '#states' => [
+        'visible' => [
+          // Only show this field when the 'role_logout' checkbox is enabled.
+          ':input[name="role_logout"]' => ['checked' => TRUE],
+        ],
+      ],
+    ];
+
+    foreach (user_roles(TRUE) as $key => $role) {
+      $form['table'][$key] = [
+        'enabled' => [
+          '#type' => 'checkbox',
+          '#default_value' => $this->config('autologout.role.' . $key)->get('enabled'),
+        ],
+        'role' => [
+          '#type' => 'item',
+          '#value' => $key,
+          '#markup' => $key,
+        ],
+        'timeout' => [
+          '#type' => 'textfield',
+          '#default_value' => $this->config('autologout.role.' . $key)->get('timeout'),
+          '#size' => 8,
+        ],
+      ];
+    }
+
+    return parent::buildForm($form, $form_state);
+  }
+  /**
+   * Validate timeout range.
+   *
+   * Checks to see if timeout threshold is outside max/min values. Done here
+   * to centralize and stop repeated code. Hard coded min, configurable max.
+   *
+   * @param int $timeout
+   *   The timeout value in seconds to validate.
+   * @param int $max_timeout
+   *   (optional) Maximum value of timeout. If not set, system default is used.
+   *
+   * @return bool
+   *    Return TRUE or FALSE
+   */
+  public function timeoutValidate($timeout, $max_timeout = NULL) {
+    $validate = TRUE;
+    if (is_null($max_timeout)) {
+      $max_timeout = $this->config('autologout.settings')->get('max_timeout');
+    }
+
+    if (!is_numeric($timeout) || $timeout < 0 || ($timeout > 0 && $timeout < 60) || $timeout > $max_timeout) {
+      // Less than 60, greater than max_timeout and is numeric.
+      // 0 is allowed now as this means no timeout.
+      $validate = FALSE;
+    }
+    return $validate;
+  }
+  /**
+   * {@inheritdoc}
+   */
+  public function validateForm(array &$form, FormStateInterface $form_state) {
+    $values = $form_state->getValues();
+    $new_stack = [];
+    foreach ($values['table'] as $key => $pair) {
+      if (is_array($pair)) {
+        foreach ($pair as $pairkey => $pairvalue) {
+          $new_stack[$key][$pairkey] = $pairvalue;
+        }
+      }
+    }
+
+    $max_timeout = $values['max_timeout'];
+
+    if ($values['role_logout']) {
+      // Validate timeouts for each role.
+      foreach (array_keys(user_roles(TRUE)) as $role) {
+        if (empty($new_stack[$role]) || $new_stack[$role]['enabled'] == 0) {
+          // Don't validate role timeouts for non enabled roles.
+          continue;
+        }
+
+        $timeout = $new_stack[$role]['timeout'];
+        $validate = $this->timeoutValidate($timeout, $max_timeout);
+        if (!$validate) {
+          $form_state->setErrorByName('table][' . $role . '][timeout', $this->t('%role role timeout must be an integer greater than 60, less then %max or 0 to disable autologout for that role.', ['%role' => $role, '%max' => $max_timeout]));
+        }
+      }
+    }
+
+    $timeout = $values['timeout'];
+    // Validate timeout.
+    if ($timeout < 60) {
+      $form_state->setErrorByName('timeout', $this->t('The timeout value must be an integer 60 seconds or greater.'));
+    }
+    elseif ($max_timeout <= 60) {
+      $form_state->setErrorByName('max_timeout', $this->t('The max timeout must be an integer greater than 60.'));
+    }
+    elseif (!is_numeric($timeout) || ((int) $timeout != $timeout) || $timeout < 60 || $timeout > $max_timeout) {
+      $form_state->setErrorByName('timeout', $this->t('The timeout must be an integer greater than 60 and less then %max.', ['%max' => $max_timeout]));
+    }
+
+    $redirect_url = $values['redirect_url'];
+
+    // Validate redirect url.
+    if (strpos($redirect_url, '/') !== 0) {
+      $form_state->setErrorByName('redirect_url', $this->t("The user-entered string :redirect_url must begin with a '/'", [':redirect_url' => $redirect_url]));
+    }
+
+    parent::validateForm($form, $form_state);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    $values = $form_state->getValues();
+    $autologout_settings = $this->config('autologout.settings');
+
+    $autologout_settings->set('timeout', $values['timeout'])
+      ->set('max_timeout', $values['max_timeout'])
+      ->set('padding', $values['padding'])
+      ->set('role_logout', $values['role_logout'])
+      ->set('redirect_url', $values['redirect_url'])
+      ->set('no_dialog', $values['no_dialog'])
+      ->set('message', $values['message'])
+      ->set('inactivity_message', $values['inactivity_message'])
+      ->set('enforce_admin', $values['enforce_admin'])
+      ->set('use_alt_logout_method', $values['use_alt_logout_method'])
+      ->set('use_watchdog', $values['use_watchdog'])
+      ->save();
+
+    foreach ($values['table'] as $user) {
+      $this->configFactory()->getEditable('autologout.role.' . $user['role'])
+        ->set('enabled', $user['enabled'])
+        ->set('timeout', $user['timeout'])
+        ->save();
+    }
+
+    if (isset($values['jstimer_format'])) {
+      $autologout_settings->set('jstimer_format', $values['jstimer_format'])->save();
+    }
+
+    parent::submitForm($form, $form_state);
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/Plugin/Block/AutologoutWarningBlock.php

@@ -0,0 +1,129 @@
+<?php
+
+namespace Drupal\autologout\Plugin\Block;
+
+use Drupal\Core\Block\BlockBase;
+use Drupal\Core\Config\Config;
+use Drupal\Core\Datetime\DateFormatterInterface;
+use Drupal\Core\Extension\ModuleHandlerInterface;
+use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Provides an 'Automated Logout info' block.
+ *
+ * @Block(
+ *   id = "autologout_warning_block",
+ *   admin_label = @Translation("Automated logout info"),
+ *   category = @Translation("User"),
+ * )
+ */
+class AutologoutWarningBlock extends BlockBase implements ContainerFactoryPluginInterface {
+
+  /**
+   * The module manager service.
+   *
+   * @var \Drupal\Core\Extension\ModuleHandlerInterface
+   */
+  protected $moduleHandler;
+
+  /**
+   * The date formatter service.
+   *
+   * @var \Drupal\Core\Datetime\DateFormatterInterface
+   */
+  protected $dateFormatter;
+
+  /**
+   * The config object for 'autologout.settings'.
+   *
+   * @var \Drupal\Core\Config\Config
+   */
+  protected $autoLogoutSettings;
+
+  /**
+   * Constructs an AutologoutWarningBlock object.
+   *
+   * @param array $configuration
+   *   A configuration array containing information about the plugin instance.
+   * @param string $plugin_id
+   *   The plugin_id for the plugin instance.
+   * @param mixed $plugin_definition
+   *   The plugin implementation definition.
+   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
+   *   The module manager service.
+   * @param \Drupal\Core\Datetime\DateFormatterInterface $date_formatter
+   *   The date formatter service.
+   * @param \Drupal\Core\Config\Config $autologout_settings
+   *   The config object for 'autologout.settings'.
+   */
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, ModuleHandlerInterface $module_handler, DateFormatterInterface $date_formatter, Config $autologout_settings) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
+    $this->moduleHandler = $module_handler;
+    $this->dateFormatter = $date_formatter;
+    $this->autoLogoutSettings = $autologout_settings;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('module_handler'),
+      $container->get('date.formatter'),
+      $container->get('config.factory')->get('autologout.settings')
+    );
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function defaultConfiguration() {
+    // @todo: This is not the place where we should be doing this.
+    $return = [];
+    //if ($this->moduleHandler->moduleExists('jstimer')) {
+    //  if (!$this->moduleHandler->moduleExists(('jst_timer'))) {
+    //    drupal_set_message($this->t('The "Widget: timer" module must also be enabled for the dynamic countdown to work in the automated logout block.'), 'error');
+    //  }
+
+    //  if ($this->autoLogoutSettings->get('jstimer_js_load_option') != 1) {
+    //    drupal_set_message($this->t("The Javascript timer module's 'Javascript load options' setting should be set to 'Every page' for the dynamic countdown to work in the automated logout block."), 'error');
+    //  }
+    //}
+    return $return;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function build() {
+    $autologout_manager = \Drupal::service('autologout.manager');
+    if ($autologout_manager->preventJs()) {
+
+      // Don't display the block if the user is not going
+      // to be logged out on this page.
+      return [];
+    }
+
+    if ($autologout_manager->refreshOnly()) {
+      $markup = $this->t('Autologout does not apply on the current page,
+         you will be kept logged in whilst this page remains open.');
+    }
+    elseif ($this->moduleHandler->moduleExists('jstimer') && $this->moduleHandler->moduleExists('jst_timer')) {
+      return \Drupal::formBuilder()->getForm('Drupal\autologout\Form\AutologoutBlockForm');
+    }
+    else {
+      $timeout = (int) $this->autoLogoutSettings->get('timeout');
+      $markup = $this->t('You will be logged out in @time if this page is not refreshed before then.', ['@time' => $this->dateFormatter->formatInterval($timeout)]);
+    }
+
+    return [
+      '#type' => 'markup',
+      '#markup' => $markup,
+    ];
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/Tests/AutologoutAjaxTest.php

@@ -0,0 +1,141 @@
+<?php
+
+namespace Drupal\autologout\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Test the Autologout ajax endpoints.
+ *
+ * @description Ensure the AJAX endpoints work as expected
+ *
+ * @group Autologout
+ */
+class AutologoutAjaxTest extends WebTestBase {
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = [
+    'node',
+    'system_test',
+    'views',
+    'user',
+    'autologout',
+    'menu_ui',
+    'block',
+  ];
+
+  /**
+   * User with admin rights.
+   */
+  protected $privilegedUser;
+
+  /**
+   * SetUp() performs any pre-requisite tasks that need to happen.
+   */
+  public function setUp() {
+    parent::setUp();
+    // Create and log in our privileged user.
+    $this->privilegedUser = $this->drupalCreateUser([
+      'access content',
+      'administer site configuration',
+      'access site reports',
+      'access administration pages',
+      'bypass node access',
+      'administer content types',
+      'administer nodes',
+      'administer autologout',
+      'change own logout threshold',
+    ]);
+    $this->drupalLogin($this->privilegedUser);
+
+    // Make node page default.
+    $this->config('system.site')->set('page.front', 'node')->save();
+    // Place the User login block on the home page to verify Log out text.
+    $this->drupalPlaceBlock('system_menu_block:account');
+  }
+
+  /**
+   * Test ajax logout callbacks work as expected.
+   */
+  public function testAutologoutByAjax() {
+
+    $config = \Drupal::configFactory()->getEditable('autologout.settings');
+    $config->set('timeout', 100)
+      ->set('padding', 10)
+      ->save();
+
+    // Check that the user can access the page after login.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText(t('Log out'), 'User is still logged in.');
+
+    // Test the time remaining callback works as expected.
+    $result = $this->drupalGetAjax('autologout_ajax_get_time_left');
+    $this->assertResponse(200, 'autologout_ajax_get_time_left is accessible when logged in');
+    $this->assertEqual('insert', $result[0]['command'], 'autologout_ajax_get_time_left returns an insert command for adding the jstimer onto the page');
+    $this->assertEqual('#timer', $result[0]['selector'], 'autologout_ajax_get_time_left specifies the #timer selector.');
+    $this->assert(!empty($result[1]['settings']['time']) && is_int($result[1]['settings']['time']) && $result[1]['settings']['time'] > 0, 'autologout_ajax_get_time_left returns the remaining time as a positive integer');
+
+    // Test that ajax logout works as expected.
+    $this->drupalGet('autologout_ahah_logout');
+    $this->assertResponse(200, 'autologout_ahah_logout is accessible when logged in');
+
+    // Check we are now logged out.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertNoText(t('Log out'), 'User is no longer logged in.');
+
+    // Check further get time remaining requests return access denied.
+    $this->drupalGet('autologout_ajax_get_time_left');
+    $this->assertResponse(403, 'autologout_ajax_get_time_left is not accessible when logged out.');
+
+    // Check further logout requests result in access denied.
+    $this->drupalGet('autologout_ahah_logout');
+    $this->assertResponse(403, 'autologout_ahah_logout is not accessible when logged out.');
+
+  }
+
+  /**
+   * Test ajax stay logged in callbacks work as expected.
+   */
+  public function testStayloggedInByAjax() {
+    $config = \Drupal::configFactory()->getEditable('autologout.settings');
+    $config->set('timeout', 20)
+      ->set('padding', 5)
+      ->save();
+
+    // Check that the user can access the page after login.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText(t('Log out'), 'User is still logged in.');
+
+    // Sleep for half the timeout.
+    sleep(14);
+
+    // Test that ajax stay logged in works.
+    $result = $this->drupalGetAjax('autologout_ahah_set_last');
+    $this->assertResponse(200, 'autologout_ahah_set_last is accessible when logged in.');
+    $this->assertEqual('insert', $result[0]['command'], 'autologout_ajax_set_last returns an insert command for adding the jstimer onto the page');
+    $this->assertEqual('#timer', $result[0]['selector'], 'autologout_ajax_set_last specifies the #timer selector.');
+
+    // Sleep for half the timeout again.
+    sleep(14);
+
+    // Check we are still logged in.
+    $this->drupalGet('node');
+    $this->assertResponse(200, t('Homepage is accessible'));
+    $this->assertText(t('Log out'), t('User is still logged in.'));
+
+    // Logout.
+    $this->drupalGet('autologout_ahah_logout');
+    $this->assertResponse(200, 'autologout_ahah_logout is accessible when logged in.');
+
+    // Check further requests to set last result in 403.
+    $result = $this->drupalGetAjax('autologout_ahah_set_last');
+    $this->assertResponse(403, 'autologout_ahah_set_last is not accessible when logged out.');
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/Tests/AutologoutSessionCleanupOnLoginTest.php

@@ -0,0 +1,188 @@
+<?php
+
+namespace Drupal\autologout\Tests;
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Test session cleanup on login.
+ *
+ * @description Ensure that the autologout module cleans up stale sessions at login
+ *
+ * @group Autologout
+ */
+class AutologoutSessionCleanupOnLoginTest extends WebTestBase {
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = ['autologout', 'node'];
+  /**
+   * A store references to different sessions.
+   */
+  protected $curlHandles = [];
+  protected $loggedInUsers = [];
+  protected $privilegedUser;
+  protected $database;
+
+  /**
+   * SetUp() performs any pre-requisite tasks that need to happen.
+   */
+  public function setUp() {
+    parent::setUp();
+    // Create and log in our privileged user.
+    $this->privilegedUser = $this->drupalCreateUser(['access content overview',
+      'administer site configuration',
+      'access site reports',
+      'access administration pages',
+      'bypass node access',
+      'administer content types',
+      'administer nodes',
+      'administer autologout',
+      'change own logout threshold',
+    ]);
+    $this->database = $this->container->get('database');
+  }
+
+  /**
+   * Test that stale sessions are cleaned up at login.
+   */
+  public function testSessionCleanupAtLogin() {
+    // For the purposes of the test, set the timeout periods to 5 seconds.
+    $config = \Drupal::configFactory()->getEditable('autologout.settings');
+    $config->set('timeout', 5)
+      ->set('padding', 0)
+      ->save();
+
+    // Login in session 1.
+    $this->drupalLogin($this->privilegedUser);
+    // Check one active session.
+    $sessions = $this->getSessions($this->privilegedUser);
+    $this->assertEqual(1, count($sessions), 'After initial login there is one active session');
+
+    // Switch sessions.
+    $session1 = $this->stashSession();
+
+    // Login to session 2.
+    $this->drupalLogin($this->privilegedUser);
+
+    // Check two active sessions.
+    $sessions = $this->getSessions($this->privilegedUser);
+    $this->assertEqual(2, count($sessions), 'After second login there is now two active session');
+
+    $this->stashSession();
+
+    // Switch sessions.
+    // Wait for sessions to expire.
+    sleep(6);
+
+    // Login to session 3.
+    $this->drupalLogin($this->privilegedUser);
+
+    // Check one active session.
+    $sessions = $this->getSessions($this->privilegedUser);
+    $this->assertEqual(1, count($sessions), 'After third login, there is 1 active session, two stale sessions were cleaned up.');
+
+    // Switch back to session 1 and check no longer logged in.
+    $this->restoreSession($session1);
+    $this->drupalGet('node');
+    $this->assertNoText(t('Log out'), 'User is no longer logged in on session 1.');
+
+    $this->closeAllSessions();
+  }
+
+  /**
+   * Get active sessions for given user.
+   */
+  public function getSessions($account) {
+    // Check there is one session in the sessions table.
+    $result = $this->database->select('sessions', 's')
+      ->fields('s')
+      ->condition('uid', $account->id())
+      ->orderBy('timestamp', 'DESC')
+      ->execute();
+    $sessions = [];
+    foreach ($result as $session) {
+      $sessions[] = $session;
+    }
+
+    return $sessions;
+  }
+
+  /**
+   * Initialise a new unique session.
+   *
+   * @return string
+   *   Unique identifier for the session just stored.
+   *   It is the cookiefile name.
+   */
+  public function stashSession() {
+    if (empty($this->cookieFile)) {
+      // No session to stash.
+      return 0;
+    }
+
+    // The session_id is the current cookieFile.
+    $session_id = $this->cookieFile;
+
+    $this->curlHandles[$session_id] = $this->curlHandle;
+    $this->loggedInUsers[$session_id] = $this->loggedInUser;
+
+    // Reset Curl.
+    unset($this->curlHandle);
+    $this->loggedInUser = FALSE;
+
+    // Set a new unique cookie filename.
+    do {
+      $this->cookieFile = $this->originalFileDirectory . '/' . $this->randomMachineName() . '.jar';
+    } while (isset($this->curlHandles[$this->cookieFile]));
+
+    return $session_id;
+  }
+
+  /**
+   * Restore a previously stashed session.
+   *
+   * @param string $session_id
+   *   The session to restore as returned by stashSession();
+   *   This is also the path to the cookie file.
+   *
+   * @return string
+   *   The old session id that was replaced.
+   */
+  public function restoreSession($session_id) {
+    $old_session_id = NULL;
+
+    if (isset($this->curlHandle)) {
+      $old_session_id = $this->stashSession();
+    }
+
+    // Restore the specified session.
+    $this->curlHandle = $this->curlHandles[$session_id];
+    $this->cookieFile = $session_id;
+    $this->loggedInUser = $this->loggedInUsers[$session_id];
+
+    return $old_session_id;
+  }
+
+  /**
+   * Close all stashed sessions and the current session.
+   */
+  public function closeAllSessions() {
+    foreach ($this->curlHandles as $curl_handle) {
+      if (isset($curl_handle)) {
+        curl_close($curl_handle);
+      }
+    }
+
+    // Make the server forget all sessions.
+    $this->database->truncate('sessions')->execute();
+
+    $this->curlHandles = [];
+    $this->loggedInUsers = [];
+    $this->loggedInUser = FALSE;
+    $this->cookieFile = $this->originalFileDirectory . '/' . $this->randomMachineName() . '.jar';
+    unset($this->curlHandle);
+  }
+
+}

sites/all/modules/contrib/users/autologout/src/Tests/AutologoutTest.php

@@ -0,0 +1,395 @@
+<?php
+
+namespace Drupal\autologout\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests the autologout's features.
+ *
+ * @description Ensure that the autologout module functions as expected
+ *
+ * @group Autologout
+ */
+class AutologoutTest extends WebTestBase {
+  /**
+   * Modules to enable.
+   *
+   * @var array
+   */
+  public static $modules = [
+    'node',
+    'system',
+    'system_test',
+    'views',
+    'user',
+    'autologout',
+    'menu_ui',
+    'block',
+  ];
+
+  /**
+   * Use the Standard profile to test help implementations of many core modules.
+   */
+  protected $profile = 'standard';
+
+  /**
+   * User with admin rights.
+   */
+  protected $privilegedUser;
+
+  /**
+   * The config factory service.
+   *
+   * @var \Drupal\Core\Config\ConfigFactoryInterface
+   */
+  protected $configFactory;
+
+  /**
+   * Stores the user data service used by the test.
+   *
+   * @var \Drupal\user\UserDataInterface
+   */
+  public $userData;
+
+  /**
+   * SetUp() performs any pre-requisite tasks that need to happen.
+   */
+  public function setUp() {
+    parent::setUp();
+    // Create and log in our privileged user.
+    $this->privilegedUser = $this->drupalCreateUser([
+      'access content',
+      'administer site configuration',
+      'access site reports',
+      'access administration pages',
+      'bypass node access',
+      'administer content types',
+      'administer nodes',
+      'administer autologout',
+      'change own logout threshold',
+      'access site reports',
+      'view the administration theme',
+    ]);
+    $this->drupalLogin($this->privilegedUser);
+
+    $this->configFactory = $this->container->get('config.factory');
+    $this->userData = $this->container->get('user.data');
+
+    $config = $this->configFactory->getEditable('autologout.settings');
+    // For the purposes of the test, set the timeout periods to 10 seconds.
+    $config->set('timeout', 10)
+      ->save();
+
+    $this->drupalLogin($this->privilegedUser);
+
+    // Make node page default.
+    $this->configFactory->getEditable('system.site')->set('page.front', 'node')->save();
+    // Place the User login block on the home page to verify Log out text.
+    $this->drupalPlaceBlock('system_menu_block:account');
+  }
+
+  /**
+   * Test the precedence of the timeouts.
+   *
+   * This tests the following function:
+   * _autologout_get_user_timeout();
+   */
+  public function testAutologoutTimeoutPrecedence() {
+    $autologout_settings = $this->configFactory->getEditable('autologout.settings');
+    $autologout_role_settings = $this->configFactory->getEditable('autologout.role.authenticated');
+    $uid = $this->privilegedUser->id();
+    $autologout_user_settings = \Drupal::service('user.data');
+
+    // Default used if no role is specified.
+    $autologout_settings->set('timeout', 100)
+      ->set('role_logout', FALSE)
+      ->save();
+    $autologout_role_settings->set('enabled', FALSE)
+      ->set('timeout', 200)
+      ->save();
+    $this->assertAutotimeout($uid, 100, 'User timeout uses default if no other option set');
+
+    // Default used if role selected but no user's role is selected.
+    $autologout_settings->set('role_logout', TRUE)
+      ->save();
+    $autologout_role_settings->set('enabled', FALSE)
+      ->set('timeout', 200)
+      ->save();
+    $this->assertAutotimeout($uid, 100, 'User timeout uses default if  role timeouts are used but not one of the current user.');
+
+    // Role timeout is used if user's role is selected.
+    $autologout_settings->set('role_logout', TRUE)
+      ->save();
+    $autologout_role_settings->set('enabled', TRUE)
+      ->set('timeout', 200)
+      ->save();
+    $this->assertAutotimeout($uid, 200, 'User timeout uses role value');
+
+    // Role timeout is used if user's role is selected.
+    $autologout_settings->set('role_logout', TRUE)
+      ->save();
+    $autologout_role_settings->set('enabled', TRUE)
+      ->set('timeout', 0)
+      ->save();
+    $this->assertAutotimeout($uid, 0, 'User timeout uses role value of 0 if set for one of the user roles.');
+
+    // Role timeout used if personal timeout is empty string.
+    $autologout_settings->set('role_logout', TRUE)
+      ->save();
+    $autologout_role_settings->set('enabled', TRUE)
+      ->set('timeout', 200)
+      ->save();
+    $autologout_user_settings->set('autologout', $uid, 'timeout', '');
+    $autologout_user_settings->set('autologout', $uid, 'enabled', FALSE);
+    $this->assertAutotimeout($uid, 200, 'User timeout uses role value if personal value is the empty string.');
+
+    // Default timeout used if personal timeout is empty string.
+    $autologout_settings->set('role_logout', TRUE)
+      ->save();
+    $autologout_role_settings->set('enabled', FALSE)
+      ->set('timeout', 200)
+      ->save();
+    $autologout_user_settings->set('autologout', $uid, 'timeout', '');
+    $autologout_user_settings->set('autologout', $uid, 'enabled', FALSE);
+    $this->assertAutotimeout($uid, 100, 'User timeout uses default value if personal value is the empty string and no role timeout is specified.');
+
+    // Personal timeout used if set.
+    $autologout_settings->set('role_logout', TRUE)
+      ->save();
+    $autologout_role_settings->set('enabled', FALSE)
+      ->set('timeout', 200)
+      ->save();
+    $autologout_user_settings->set('autologout', $uid, 'timeout', 300);
+    $autologout_user_settings->set('autologout', $uid, 'enabled', TRUE);
+    $this->assertAutotimeout($uid, 300, 'User timeout uses default value if personal value is the empty string and no role timeout is specified.');
+  }
+
+  /**
+   * Test a user is logged out after the default timeout period.
+   */
+  public function testAutologoutDefaultTimeout() {
+    // Check that the user can access the page after login.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText('Log out', 'User is still logged in.');
+
+    // Wait for timeout period to elapse.
+    sleep(30);
+
+    // Check we are now logged out.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertNoRaw(t('Log out'), 'User is no longer logged in.');
+    $this->assertText(t('You have been logged out due to inactivity.'), 'User sees inactivity message.');
+  }
+
+  /**
+   * Test a user is not logged out within the default timeout period.
+   */
+  public function testAutologoutNoLogoutInsideTimeout() {
+    // Check that the user can access the page after login.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText(t('Log out'), 'User is still logged in.');
+
+    // Wait within the timeout period.
+    sleep(10);
+
+    // Check we are still logged in.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText(t('Log out'), 'User is still logged in.');
+    $this->assertNoText(t('You have been logged out due to inactivity.'), 'User does not see inactivity message.');
+  }
+
+  /**
+   * Test the behaviour of the settings for submission.
+   */
+  public function testAutologoutSettingsForm() {
+    $edit = [];
+    $autologout_settings = $this->configFactory->getEditable('autologout.settings');
+    $autologout_settings->set('max_timeout', 1000)
+      ->save();
+
+    $roles = user_roles(TRUE);
+    // Unset authenticated, as it will be used to add manual value later.
+    unset($roles['authenticated']);
+
+    // Test that it is possible to set a value above the max_timeout
+    // threshold.
+    $edit['timeout'] = 1500;
+    $edit['max_timeout'] = 2000;
+    $edit['padding'] = 60;
+    $edit['role_logout'] = TRUE;
+    $edit['table[authenticated][enabled]'] = TRUE;
+    $edit['table[authenticated][timeout]'] = 1200;
+    foreach ($roles as $key => $role) {
+      $edit['table[' . $key . '][enabled]'] = TRUE;
+      $edit['table[' . $key . '][timeout]'] = 1200;
+    }
+    $edit['redirect_url'] = '/user/login';
+
+    $this->drupalPostForm('admin/config/people/autologout', $edit, t('Save configuration'));
+    $this->assertText(t('The configuration options have been saved.'), 'Unable to save autologout config when modifying the max timeout.');
+
+    // Test that out of range values are picked up.
+    $edit['timeout'] = 2500;
+    $edit['max_timeout'] = 2000;
+    $edit['padding'] = 60;
+    $edit['role_logout'] = TRUE;
+    $edit['table[authenticated][enabled]'] = TRUE;
+    $edit['table[authenticated][timeout]'] = 1200;
+    foreach ($roles as $key => $role) {
+      $edit['table[' . $key . '][enabled]'] = TRUE;
+      $edit['table[' . $key . '][timeout]'] = 1200;
+    }
+    $edit['redirect_url'] = '/user/login';
+    $this->drupalPostForm('admin/config/people/autologout', $edit, t('Save configuration'));
+    $this->assertNoText(t('The configuration options have been saved.'), 'Saved configuration despite the autologout_timeout being too large.');
+
+    // Test that out of range values are picked up.
+    $edit['timeout'] = 1500;
+    $edit['max_timeout'] = 2000;
+    $edit['padding'] = 60;
+    $edit['role_logout'] = TRUE;
+    $edit['table[authenticated][enabled]'] = TRUE;
+    $edit['table[authenticated][timeout]'] = 2500;
+    foreach ($roles as $key => $role) {
+      $edit['table[' . $key . '][enabled]'] = TRUE;
+      $edit['table[' . $key . '][timeout]'] = 1200;
+    }
+    $edit['redirect_url'] = '/user/login';
+    $this->drupalPostForm('admin/config/people/autologout', $edit, t('Save configuration'));
+    $this->assertNoText(t('The configuration options have been saved.'), 'Saved configuration despite a role timeout being too large.');
+
+    // Test that role timeouts are not validated for disabled roles.
+    $edit['timeout'] = 1500;
+    $edit['max_timeout'] = 2000;
+    $edit['padding'] = 60;
+    $edit['role_logout'] = TRUE;
+    $edit['table[authenticated][enabled]'] = FALSE;
+    $edit['table[authenticated][timeout]'] = 4000;
+    foreach ($roles as $key => $role) {
+      $edit['table[' . $key . '][enabled]'] = FALSE;
+      $edit['table[' . $key . '][timeout]'] = 1200;
+    }
+    $edit['redirect_url'] = '/user/login';
+
+    $this->drupalPostForm('admin/config/people/autologout', $edit, t('Save configuration'));
+    $this->assertText(t('The configuration options have been saved.'), 'Unable to save autologout due to out of range role timeout for a role which is not enabled..');
+  }
+
+  /**
+   * Test a user is logged out and denied access to admin pages.
+   */
+  public function testAutologoutDefaultTimeoutAccessDeniedToAdmin() {
+    $autologout_settings = $this->configFactory->getEditable('autologout.settings');
+    // Enforce auto logout of admin pages.
+    $autologout_settings->set('enforce_admin', FALSE)
+      ->save();
+
+    // Check that the user can access the page after login.
+    $this->drupalGet('admin/reports/status');
+    $this->assertResponse(200, 'Admin page is accessible');
+    $this->assertText(t("Here you can find a short overview of your site's parameters as well as any problems detected with your installation."), 'User can access elements of the admin page.');
+
+    // Wait for timeout period to elapse.
+    sleep(30);
+
+    // Check we are now logged out.
+    $this->drupalGet('admin/reports/status');
+    $this->assertResponse(403, 'Admin page returns 403 access denied.');
+    $this->assertNoText(t('Log out'), 'User is no longer logged in.');
+    $this->assertNoText(t("Here you can find a short overview of your site's parameters as well as any problems detected with your installation."), 'User cannot access elements of the admin page.');
+    $this->assertText(t('You have been logged out due to inactivity.'), 'User sees inactivity message.');
+  }
+
+  /**
+   * Test integration with the remember me module.
+   *
+   * Users who checked remember_me on login should never be logged out.
+   */
+  public function testNoAutologoutWithRememberMe() {
+    // Set the remember_me module data bit to TRUE.
+    $this->userData->set('remember_me', $this->privilegedUser->id(), 'remember_me', TRUE);
+
+    // Check that the user can access the page after login.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText(t('Log out'), 'User is still logged in.');
+
+    // Wait for timeout period to elapse.
+    sleep(30);
+
+    // Check we are still logged in.
+    $this->drupalGet('node');
+    $this->assertResponse(200, 'Homepage is accessible');
+    $this->assertText(t('Log out'), 'User is still logged in after timeout with remember_me on.');
+  }
+
+  /**
+   * Test the behaviour of custom message displayed on autologout.
+   */
+  public function testCustomMessage() {
+    $autologout_settings = $this->configFactory->getEditable('autologout.settings');
+    $inactivity_message = 'Custom message for test';
+
+    // Update message string in configuration.
+    $autologout_settings->set('inactivity_message', $inactivity_message)
+      ->save();
+
+    // Set time out for 10 seconds.
+    $autologout_settings->set('timeout', 10)
+      ->save();
+
+    // Wait for 20 seconds for timeout.
+    sleep(30);
+
+    // Access the admin page and verify user is logged out and custom message
+    // is displayed.
+    $this->drupalGet('admin/reports/status');
+    $this->assertText($inactivity_message, 'User sees custom message');
+  }
+
+  /**
+   * Test the behaviour of application when Autologout is enabled for admin.
+   */
+  public function testAutologoutAdminPages() {
+
+    $autologout_settings = $this->configFactory->getEditable('autologout.settings');
+    // Enforce auto logout of admin pages.
+    $autologout_settings->set('enforce_admin', TRUE)
+      ->save();
+    // Set time out as 10 seconds.
+    $autologout_settings->set('timeout', 10)
+      ->save();
+    // Verify admin should not be logged out.
+    $this->drupalGet('admin/reports/status');
+    $this->assertResponse('200', 'Admin pages are accessible');
+
+    // Wait until timeout.
+    sleep(30);
+
+    // Verify admin should be logged out.
+    $this->drupalGet('admin/reports/status');
+    $this->assertText(t('You have been logged out due to inactivity.'), 'User sees inactivity message.');
+  }
+
+  /**
+   * Assert the timeout for a particular user.
+   *
+   * @param int $uid
+   *   User uid to assert the timeout for.
+   * @param int $expected_timeout
+   *   The expected timeout.
+   * @param string $message
+   *   The test message.
+   * @param string $group
+   *   The test grouping.
+   */
+  public function assertAutotimeout($uid, $expected_timeout, $message = '', $group = '') {
+    return $this->assertEqual(\Drupal::service('autologout.manager')->getUserTimeout($uid), $expected_timeout, $message, $group);
+  }
+
+}

sites/default/config/sync/autologout.role.admin.yml

@@ -0,0 +1,2 @@
+enabled: false
+timeout: null

sites/default/config/sync/autologout.role.authenticated.yml

@@ -0,0 +1,2 @@
+enabled: false
+timeout: null

sites/default/config/sync/autologout.role.collectionneur.yml

@@ -0,0 +1,2 @@
+enabled: false
+timeout: null

sites/default/config/sync/autologout.role.invite.yml

@@ -0,0 +1,2 @@
+enabled: false
+timeout: null

sites/default/config/sync/autologout.role.root.yml

@@ -0,0 +1,2 @@
+enabled: false
+timeout: null

sites/default/config/sync/autologout.role.user.yml

@@ -0,0 +1,2 @@
+enabled: false
+timeout: null

sites/default/config/sync/autologout.settings.yml

@@ -0,0 +1,16 @@
+timeout: 1800
+max_timeout: 172800
+padding: 20
+role_logout: false
+redirect_url: /
+no_dialog: true
+message: 'Your session is about to expire. Do you want to reset it?'
+inactivity_message: 'You have been logged out due to inactivity.'
+enforce_admin: false
+jstimer_format: '%hours%:%mins%:%secs%'
+jstimer_js_load_option: false
+use_alt_logout_method: false
+use_watchdog: true
+_core:
+  default_config_hash: zJS1GknUylh656CJSNXOupqKSqm6Xw200h1cq1eI970
+langcode: fr

sites/default/config/sync/core.extension.yml

@@ -4,6 +4,7 @@ module:
   admin_toolbar: 0
   admin_toolbar_links_access_filter: 0
   audiofield: 0
+  autologout: 0
   ban: 0
   better_messages: 0
   block: 0