How to add a client idle timeout to Sugar 7.x

Shijin Krishna —  December 5, 2016

Here is another guest post from Shijin Krishna from BHEA Technologies.

When a user logs into Sugar 7, an OAuth access token (with a 1 hour timeout by default) and a refresh token (with a 2 week timeout by default) are returned. When the access token expires, Sugar will automatically retrieve another access token as long as the refresh token is valid. This allows a user to use a Sugar browser tab for days on end without having to log back in.

Automated notification requests are made to the server on the user’s behalf at a default interval of every 5 minutes. These requests will allow the current session to remain active without actual user input. So tracking user activity by adjusting access token and refresh token expiry time or tracking network activity alone is not a good idea.

In this blog we are going to explore a way to track a user’s true idle time based on actual user interface activity. For example, one or more of clicks, typing, mouse movements etc. To track a user’s idle time we will use the JQuery IdleTimeout plugin.

This allow us to configure reasonable settings for the OAuth access token and refresh token to allow Lotus Notes, Outlook and other plugins to function for a longer period without needing to login again, while continuing to reliably enforce idle logout on the web client.

We will also learn to configure maximum idle time crossing the same will log the user out from Sugar automatically.

Step 1) Add JQuery IdleTimeout plug-in to Sugar JS

Create a new JS Grouping Extension file in the following path.

// Copyright Shijin Krishna. This work is licensed under an Apache 2.0 license.
$js_groupings[] = $sugar_grp_sidecar = array_merge($sugar_grp_sidecar, array(
        'custom/include/javascript/store.min.js' => 'include/javascript/sugar_sidecar.min.js',
        'custom/include/javascript/jquery-idleTimeout.min.js' => 'include/javascript/sugar_sidecar.min.js',
        'custom/include/javascript/idleTimer.js' => 'include/javascript/sugar_sidecar.min.js',
  • jquery-idleTimeout.min.js – Contains the source code for JQuery IdleTimeout plugin.
  • store.min.js – Required dependency for the plugin.
  • idleTimer.js – We will talk about this little later.

Add the IdleTimeout plug-in and store.js at following paths:


Step 2) Start the idle timer

We will start tracking users inactivity time once the app:sync:complete event is triggered. The JQuery Idle Timeout plugin comes with a set of configurable parameters which will allow us to define the maximum idle time, callback to execute when the idle time reaches the maximum limit, etc. Please click here to view more public configuration variables.


* Idle time logout
* Copyright Shijin Krishna. This work is licensed under an Apache 2.0 license.
* Date 11/29/2016
* */
redirectUrl:'#logout', //redirect url
idleTimeLimit: app.config.max_idle_time || 600, // 'No activity' time limit in seconds. 600 = 10 Minutes
idleCheckHeartbeat: 10, // Frequency to check for idle timeouts in seconds
// optional custom callback to perform before logout
customCallback: function(){
app.logger.error("Logging out user after maximum idle time:" + app.config.max_idle_time); // this method will destroy user's session and log user out
// Due to bug with customCallbacks with idleTimeout jQuery plug-in,
// We must reload document to remove idleTimeout from page until user logs in again
enableDialog: false

Step 3) Configuring the max idle time

By default our timer will consider ten minutes as the maximum idle time. But this can be configured by adding a new parameter ‘max_idle_time‘ to the config_override.php file which is available under sugar root directory.


// Copyright Shijin Krishna. This work is licensed under an Apache 2.0 license.
$sugar_config['additional_js_config']['max_idle_time'] = 1800;

Step 4) Rebuild Extensions & Configuration

Finally, you will need to run Quick Repair & Rebuild, Rebuild GS Grouping Files and Rebuild Config File in order to build your new extensions and configuration. You will also need to do a hard refresh of the browser page in order to load the updated JavaScript files.


Nothing fancy but you can see the logout occurring in the console log.

Shijin Krishna


Shijin is a Certified SugarCRM Developer / Instructor. He has been working on SugarCRM platform for the last three years.

One response to How to add a client idle timeout to Sugar 7.x


    Very nice approach!