---
** [tickets:#7480] Track last session info**
**Status:** in-progress
**Milestone:** forge-backlog
**Labels:** 42cc
**Created:** Wed Jun 18, 2014 08:45 PM UTC by Dave Brondsema
**Last Updated:** Wed Jun 18, 2014 08:45 PM UTC
**Owner:** nobody
For security/audit purposes, we'd like to record the last time a user logged
in, and the last time they had an active session (since with "remember me" the
login date may be quite old but they're still active), and the User-Agent and
IP address used. This should be independent of the Auth Provider if at all
possible (e.g. works with both local and ldap).
Since "active session" will be new every time a user accesses any page, that
would cause us to save new timestamp/ip/ua on every pageview which is a little
extreme and could have performance implications. I think it'd probably be
better to only store it with a whole-day granularity, so we only need to update
the value once per day (or more if IP/UA changes).
I haven't thought too much about where to store this but maybe a dict in the
User model that would store all the fields (e.g. dict `last_access` with fields
login_timestamp, login_ip, login_ua, session_date, session_ip, session_ua).
Add the new fields to `scripts/scrub-allura-data.py` too
---
Sent from sourceforge.net because [email protected] is subscribed to
https://sourceforge.net/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.