[allura:tickets] #7480 Track last session info

[Igor Bondarenko <je...@users.sf.net>]

- **status**: in-progress --> code-review
- **Comment**:

Closed #610. `je/42cc_7480`



---

** [tickets:#7480] Track last session info**

**Status:** code-review
**Milestone:** forge-backlog
**Labels:** 42cc 
**Created:** Wed Jun 18, 2014 08:45 PM UTC by Dave Brondsema
**Last Updated:** Wed Jun 18, 2014 08:45 PM UTC
**Owner:** nobody

For security/audit purposes, we'd like to record the last time a user logged in, and the last time they had an active session (since with "remember me" the login date may be quite old but they're still active), and the User-Agent and IP address used.  This should be independent of the Auth Provider if at all possible (e.g. works with both local and ldap).

Since "active session" will be new every time a user accesses any page, that would cause us to save new timestamp/ip/ua on every pageview which is a little extreme and could have performance implications.  I think it'd probably be better to only store it with a whole-day granularity, so we only need to update the value once per day (or more if IP/UA changes).

I haven't thought too much about where to store this but maybe a dict in the User model that would store all the fields (e.g. dict `last_access` with fields login_timestamp, login_ip, login_ua, session_date, session_ip, session_ua).

Add the new fields to `scripts/scrub-allura-data.py` too


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.