Log Logins and Logouts

revjrblack · April 1, 2019, 1:01pm

What’s the safest way to log user’s login and logout events to a table? Is it possible to add this to the login and logout actions?

Thanks for any help or suggestions!

Teodor · April 1, 2019, 1:05pm

Hi JR,
Yes, that’s the way to do this - add an Insert step after the log in and log out steps in your server actions.

revjrblack · April 1, 2019, 1:05pm

Super Teo, thanks for the confirmation! I appreciate it…

Hyperbytes · April 1, 2019, 2:21pm

Following on from that.

I tend to have an action called audit (or similar) with $_GET parameters in my systems which inserts info into an audit table.
I can than at any time send an audit message to the table with a simple server connect call

Typically i send a user ID, message text and perhaps a key to a table. An example is like this:

The action is called with the parameters set which are inserted into the table

Quick and easy way of making an audit trail, can also be send from a dynamic event

Teodor · April 1, 2019, 2:06pm

That’s also a nice solution Brian, thanks for sharing it

revjrblack · April 1, 2019, 2:10pm

The login insert works perfectly. However, I am having a little difficulty getting the logout insert to capture the desired data.

Should I query the logged in user’s to capture the username before the security logout?

Teodor · April 1, 2019, 2:14pm

What info do you need to store? The logged user Identity?

revjrblack · April 1, 2019, 2:17pm

Sorry, I was distracted and forgot to put that info…
All we need is the username and the timestamp.

Hyperbytes · April 1, 2019, 2:17pm

Yes or it will be lost

revjrblack · April 1, 2019, 2:18pm

That’s the issue that I have found out. My experience level ran out of other options. Ha!

Hyperbytes · April 1, 2019, 2:19pm

I would set the timestamp as a default in the database table rather than sending it from the inset query if not already doing that. Much easier and cleaner

Teodor · April 1, 2019, 2:24pm

By the way there is no need to store the username in this table, why not just store the identity?
Just place the insert step between the security provider step and logout step:

security provider
insert in log table
log out

This way the insert step has access to the logged user identity (you will see it in the data picker).

revjrblack · April 1, 2019, 4:16pm

The client was wanting a way to know when a user accessed the page that confirms their appointment and when that was completed. I thought maybe I could timestamp their login and logout. They would login to confirm the appt. and then logout afterward. This will be placed in a table to be queried to a ‘calendar’ of appointments.

brad · April 1, 2019, 4:17pm

I used to have a set up like that. I finally stopped tracking log out as it seems most people didn’t actually log out. They just closed their browsers.

revjrblack · April 1, 2019, 4:19pm

That is true… thanks! Now I can move on to more important items. Ha!