From 56e3d2def4fea50e4ebe10dd2e049c4723f1df63 Mon Sep 17 00:00:00 2001
From: Tom Blauwendraat <tom@sunflowerweb.nl>
Date: Sun, 2 Jul 2023 17:25:27 +0200
Subject: [PATCH] [FIX] auth_session_timeout: problem whereby page is refreshed
 with F5, but /web is a public route, so it does not trigger the session check
 but it does trigger session save, so the file mtime is updated before the
 second HTTP call makes the check takes place, and session is not expired

---
 auth_session_timeout/models/ir_http.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/auth_session_timeout/models/ir_http.py b/auth_session_timeout/models/ir_http.py
index 2e2338fc0e..c3ec9ab676 100644
--- a/auth_session_timeout/models/ir_http.py
+++ b/auth_session_timeout/models/ir_http.py
@@ -10,7 +10,11 @@ class IrHttp(models.AbstractModel):
     @classmethod
     def _authenticate(cls, endpoint):
         res = super(IrHttp, cls)._authenticate(endpoint=endpoint)
-        auth_method = endpoint.routing["auth"]
-        if auth_method == "user" and request and request.session and request.session.uid:
+        if (
+            request
+            and request.session
+            and request.session.uid
+            and not request.env["res.users"].browse(request.session.uid)._is_public()
+        ):
             request.env.user._auth_timeout_check()
         return res