Bug #71312

fe_users: a logout does not clear the field 'is_online'

Added by Bernd Wilke almost 4 years ago. Updated over 1 year ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
felogin
Start date:
2015-11-04
Due date:
% Done:

0%

TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

on login the field 'is_online' is written with a timestamp.
on interaction with the site the field is updated.
so you can consider an user as inactive if the timestamp is older than N minutes.

but if an user explicit logs out the field is not cleared but the last value stays in the field.
in this way you can not decide active users, as the the logged out user may have been called pages up until the logout and got a newer timestamp than an user which is reading for some time on a page and may interact in the next minute as his login is still valid.


Related issues

Related to TYPO3 Core - Story #84616: Add currently online users information Closed 2018-04-04

History

#1 Updated by Bernd Wilke almost 4 years ago

meanwhile you can use a hook as work around:

in ext_localconf.php:

$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][] = 'Tx_MyExt_Hooks_FrontendLoginHook->resetIsOnline';

in EXT:my_ext/Classes/Hooks/FrontendLoginHook.php:

<?php
class Tx_Jonastone_Hooks_FrontendLoginHook
{

    public function resetIsOnline($params, &$pObj) {
        $currentData = $pObj->fetchUserSession(true);
        if ($currentData) {
            $currentUser = $currentData['uid'];

            if (is_int($currentUser)) {
                $into_table = 'fe_users';
                $where_clause = 'uid = ' . $currentUser;
                $field_values = array(
                    'is_online' => 0
                );

                $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery($into_table
                    , $where_clause
                    , $field_values
                );
            }
        }
    }
}

#2 Updated by Jigal van Hemert about 3 years ago

  • Status changed from New to Needs Feedback

The database field may not have the correct name, but it contains the timestamp of the last activity of the user. HTTP is a stateless protocol and thus a webserver takes every request as a separate event. Most users don't explicitly logoff; they just close the browser or move to a different URL. There is no good way to know if the user is really online or has silently left.
Web statistics have the same challenge and usually look at the time between two requests of the same origin and if that is longer than a threshold they consider it two visits.

#3 Updated by Bernd Wilke about 3 years ago

Users who does not log out may not be identified correct. that problem can not be solved.
User who did a log out could be decided. but the core does not do it, so it is possible in an easy way (see hook).
It would be helpful to have at least this in the core

#4 Updated by Alexander Opitz almost 3 years ago

The 'is_online' state is updated for every 60 seconds, so timestamps older then 120 s (2min) can be read as not online anymore. An value of 0 means the user never logged in.

I think this should be enough. Do you have a scenario where a better solution is needed?

#5 Updated by Bernd Wilke almost 3 years ago

Since when is the status of a FE-user updated every 60 seconds?

the ticket was created for showing the availability of support members. They logged in in the FE to show up in the list and should be removed immediately on demand. they don't are active in the FE so no page refreshes and no updates of the field 'is_online'.
the availibilty is shown to visitors with a AJAX refresh every minute.

The only solution was the hook to clear the field at an explicit logout.

#6 Updated by Alexander Opitz almost 3 years ago

Ok, to clarify my statement:

Th 'is_online' value only gets updated with requests after 60 seconds and not on every request.

#7 Updated by Bernd Wilke almost 3 years ago

than your statement "so timestamps older then 120 s (2min) can be read as not online anymore." is wrong.
as a user who does not interact with the webserver between 60 and 120 seconds is wrongly considered offline.
maybe a user needs 3 minutes to read a page. is he offline? no!

either the fieldname is wrong (it does not hold the online state of the user and you can not clearly decide the status from the timestamp the field holds) -
or the behaviour must change in case you clearly can decide the state (= the user logged off explicit)

#8 Updated by Alexander Opitz almost 3 years ago

"can be read" ... that do not mean you MUST read them as offline.

#9 Updated by Alexander Opitz almost 3 years ago

  • Status changed from Needs Feedback to New
  • Target version set to Candidate for Major Version

As this needs API/Functionality changes it can only be handled in a new Major Version:

IMHO we need to split the meaning to 2 fields as "state online/offline" and "last seen online"

#10 Updated by Jigal van Hemert over 1 year ago

Alexander Opitz wrote:

IMHO we need to split the meaning to 2 fields as "state online/offline" and "last seen online"

Splitting the field doesn't add information. The main difference between FE and BE is that in the backend a JS function regularly does an AJAX call to update the logged in status. In the frontend the CMS has no control over JS functionality so the only thing it can do out of the box is update it on each request.
If you really want to keep track of users that have a browser window open as "logged in" you can simply build some JS with a timer that does an AJAX call to a script that updates the field.

Shall we close this issue?

#11 Updated by Alexander Opitz over 1 year ago

@Jigal

The original issue is about the "logout" button. The user is still managed as "is_online".

#12 Updated by Bernd Wilke over 1 year ago

  • Related to Story #84616: Add currently online users information added

Also available in: Atom PDF