- **status**: code-review --> closed
- **QA**: Dave Brondsema
- **Milestone**: forge-backlog --> forge-jul-25



---

** [tickets:#7480] Track last session info**

**Status:** closed
**Milestone:** forge-jul-25
**Labels:** 42cc 
**Created:** Wed Jun 18, 2014 08:45 PM UTC by Dave Brondsema
**Last Updated:** Fri Jul 18, 2014 08:55 AM UTC
**Owner:** nobody

For security/audit purposes, we'd like to record the last time a user logged 
in, and the last time they had an active session (since with "remember me" the 
login date may be quite old but they're still active), and the User-Agent and 
IP address used.  This should be independent of the Auth Provider if at all 
possible (e.g. works with both local and ldap).

Since "active session" will be new every time a user accesses any page, that 
would cause us to save new timestamp/ip/ua on every pageview which is a little 
extreme and could have performance implications.  I think it'd probably be 
better to only store it with a whole-day granularity, so we only need to update 
the value once per day (or more if IP/UA changes).

I haven't thought too much about where to store this but maybe a dict in the 
User model that would store all the fields (e.g. dict `last_access` with fields 
login_timestamp, login_ip, login_ua, session_date, session_ip, session_ua).

Add the new fields to `scripts/scrub-allura-data.py` too


---

Sent from sourceforge.net because [email protected] is subscribed to 
https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.

Reply via email to