Skip to content

User session managment and audit #5312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lafriks opened this issue Nov 10, 2018 · 9 comments
Open

User session managment and audit #5312

lafriks opened this issue Nov 10, 2018 · 9 comments
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/feature Completely new functionality. Can only be merged if feature freeze is not active.

Comments

@lafriks
Copy link
Member

lafriks commented Nov 10, 2018

All authorized user sessions should be stored in database.
Sessions table should contain data:

  • Session ID
  • User ID
  • User IP address
  • Session creation time (authorization time)
  • Last request/access time
  • Logout time (or session timeout time)
@lafriks lafriks added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Nov 10, 2018
@lafriks
Copy link
Member Author

lafriks commented Nov 10, 2018

@cezar97 label feature is for everything that gitea currently does not have :) but yes this is something that would be needed to fix your mentioned issue. And also to add option to logout all user sessions when he changes password for example

@lunny
Copy link
Member

lunny commented Nov 11, 2018

So if this will also fix #8 ?

@lafriks
Copy link
Member Author

lafriks commented Nov 11, 2018

@lunny no, this is just authorization audit log but this could be requirement for that

@stale
Copy link

stale bot commented Jan 10, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Jan 10, 2019
@adelowo
Copy link
Member

adelowo commented Feb 7, 2019

I'd try to work on this during the weekend.

@lafriks Do you have an idea of what the UI is supposed to look like? Just a regular table :)

@stale stale bot removed the issue/stale label Feb 7, 2019
@lafriks
Copy link
Member Author

lafriks commented Feb 8, 2019

something like user list table in admin UI

@stale
Copy link

stale bot commented Apr 9, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Apr 9, 2019
@lunny lunny added the issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented label Apr 9, 2019
@stale stale bot removed the issue/stale label Apr 9, 2019
@lafriks lafriks mentioned this issue Apr 9, 2020
Closed
@elesiuta elesiuta mentioned this issue Nov 14, 2020
Open
6 tasks
@bendem
Copy link

bendem commented Mar 24, 2021

Should also store the user agent. I find it really helps users when you can tell them which browser the session was created from. Much more than providing their IP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@lunny @lafriks @bendem @adelowo and others