Logout PhpMyAdmin SSO

I am using PhpMyAdmin and a user single sign-on (SSO) script to directly enter the interface. The SSO script is called by PHP, given the unique login ID of my own system. This script looks up the unique identifier in my system to get the MySQL username and password and returns them to PhpMyAdmin.

This still works, but my next goal is to automatically log out after a certain amount of inactivity. Without SSO, when I delete the browser cookies and click any link, I land on the login page with the message "Your session has expired. Please log in again." However, I cannot reproduce this behavior from my SSO script.

This is my SSO script:

<?php
/**
 * Session timeout in seconds.
 */
define('SESSION_TIMEOUT', 60);

/**
 * @return array|null Returns an array with login credentials or null for no login.
 */
function get_login_credentials()
{
    parse_str($_SERVER['QUERY_STRING'], $query);

    /* check for session activity (timeout) */
    if (isset($_SESSION['ssoLastActivity']) && (time() - $_SESSION['ssoLastActivity']) > SESSION_TIMEOUT) {
        $sessionExpired = true;
    } else {
        $sessionExpired = false;
    }

    if (isset($query['old_usr'])) {
        /* logout and back to index page */
        unset($_SESSION['ssoLastActivity']);
        unset($_SESSION['ssoUser']);
        unset($_SESSION['ssoPassword']);
        header('Location: index.php');
        exit;
    }

    if ($sessionExpired) {
        unset($_SESSION['ssoLastActivity']);
        unset($_SESSION['ssoUser']);
        unset($_SESSION['ssoPassword']);

        /******** POINT OF QUESTION ********/
        /* I'm trying to give the same response as if the cookies were deleted.
           I land on the login page as desired, however I'm missing the
           session timeout message. */
        header('Content-Type: application/json');
        echo json_encode(['redirect_flag' => '1', 'success' => false, 'error' => '']);
        exit;
        /***********************************/
    }

    /* update session activity timestamp */
    $_SESSION['ssoLastActivity'] = time();

    if (!empty($_SESSION['ssoUser']) && !empty($_SESSION['ssoPassword'])) {
        /* already logged in */
        return [
            $_SESSION['ssoUser'],
            $_SESSION['ssoPassword'],
        ];
    }

    /* retrieve MySQL login credentials here and store them in $user and $password */
    /* $user = ...; $password = ...; */

    return [
        $user,
        $password,
    ];
}

Does anyone have a solution for logging out through my SSO script, which leads me to the login page with a message that the session has expired?

UPDATE:

The problem seems to be related to my PhpMyAdmin server configuration (/etc/phpMyAdmin/servers.ini.php in my case):

<?php
$cfg['Servers'] = array(
    1 => array(
        'auth_type' => 'signon',
        ...,
        'SignonScript' => '/usr/share/phpMyAdmin/sso.php',
        'SignonURL' => 'index.php?server=1'
    ),
    2 => array('auth_type' => 'cookie', ...)
);

I checked the network requests after the session timeout, and it turns out there actually is a request with ?session_expired=1 (which starts the session timeout message) sent to server 1; because this script returns null (without logging in), it redirects to the SignonURL index.php?server=1, omitting the optional parameter session_expired.

I could extend this URL with &session_expired=1, however this will also trigger a message when logging out regularly.

I am open to any ideas for improving behavior.

+5
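The update above turns on telling an idle timeout apart from a regular logout, so that session_expired=1 is appended only in the first case. The sketch below is an added example, not code from the original post or from phpMyAdmin: the helper names sso_classify_request and sso_redirect_target are hypothetical, the session keys and SignonURL are taken from the question, and the sample sessions are constructed.

```php
<?php
const SESSION_TIMEOUT = 60; // seconds, same value as in the question's script

/**
 * Hypothetical helper: classify a request as 'logout', 'expired' or 'active'.
 */
function sso_classify_request(array $session, array $query, int $now): string
{
    // The question's script treats old_usr as the logout marker; it wins
    // over the timeout so a logout is never reported as an expiry.
    if (isset($query['old_usr'])) {
        return 'logout';
    }
    if (isset($session['ssoLastActivity'])
        && ($now - $session['ssoLastActivity']) > SESSION_TIMEOUT) {
        return 'expired';
    }
    return 'active';
}

/**
 * Hypothetical helper: redirect target for a classified request.
 * session_expired=1 is appended only on timeout.
 */
function sso_redirect_target(string $signonUrl, string $reason): ?string
{
    if ($reason === 'active') {
        return null; // no redirect, continue with the login
    }
    if ($reason === 'logout') {
        return $signonUrl;
    }
    $separator = (strpos($signonUrl, '?') === false) ? '?' : '&';
    return $signonUrl . $separator . http_build_query(['session_expired' => 1]);
}

// Constructed sample sessions and query strings.
$now = 1000;
$cases = [
    'idle 61 s'      => [['ssoLastActivity' => 939], []],
    'idle 60 s'      => [['ssoLastActivity' => 940], []],
    'logout clicked' => [['ssoLastActivity' => 939], ['old_usr' => 'root']],
    'first request'  => [[], []],
];
foreach ($cases as $label => [$session, $query]) {
    $reason = sso_classify_request($session, $query, $now);
    $target = sso_redirect_target('index.php?server=1', $reason);
    printf("%-15s %-8s %s\n", $label, $reason, $target ?? '(no redirect)');
}
```

In both non-active cases the caller still has to unset ssoLastActivity, ssoUser and ssoPassword before sending the Location header, as the question's script does.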

Source: https://habr.com/ru/post/1262526/

