27 Feb
2011
27 Feb
'11
12:59 a.m.
Hello fellow developers,
what is the best way to listen to login events?
Is there a notification of some sort?
For any session creation or destruction?
thanks in advance
paul
27 Feb
27 Feb
11:56 a.m.
On Sun, Feb 27, 2011 at 00:59, Paul Libbrecht <paul(a)hoplahup.net> wrote:
Hello fellow developers,
what is the best way to listen to login events?
Is there a notification of some sort?
Not yet no. You can follow
http://jira.xwiki.org/jira/browse/XWIKI-5826 but I can't give you any
planned date since nobody is working on it. But if you want to do it
and provide a patch we will be glad to help you, it should not be too
hard I think at least for the login part.
For any session creation or destruction?
Maybe there is a way in servlet API but i don't know it.
The only way I can think of right now that does not imply implementing
http://jira.xwiki.org/jira/browse/XWIKI-5826 is to overload standard
authenticator with your own. See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HCustomA…
thanks in advance
paul
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Thomas Mortagne
28 Feb
28 Feb
1:40 a.m.
On 02/27/2011 12:59 AM, Paul Libbrecht wrote:
Hello fellow developers,
what is the best way to listen to login events?
If you want to listen to active clicking on the login button, then you
can listen to the "login" ActionExecutionEvent.
Is there a notification of some sort?
For any session creation or destruction?
javax.servlet.http.HttpSessionListener but HTTP Sessions are not a good
indication of logins/logouts. Actually (and this is very bad) loging in
and out keeps the same session.
It's hard to know what exactly is a login, since the current user is
reauthenticated for each request by checking the cookies sent. The login
process simply sends those cookies to the client, it doesn't really mark
somewhere that JohnDoe just logged in.
Yet, there are some optional traces you could use:
- if you enable statistics, then its Visit objects can track when a user
made the first request in a new visit
- if you leave the authentication cache on (as it is by default since a
while ago) you can watch (via HttpSessionAttributeListener) when the
user authentication token is added to the session
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
5002
days inactive
5004
days old
2 comments
3 participants
participants (3)
-
Paul Libbrecht -
Sergiu Dumitriu -
Thomas Mortagne