U4-4231 - remove umbracoUserLogins table

Created by Dan Evans 14 Feb 2014, 08:15:52 Updated by Shannon Deminick 25 Aug 2015, 15:24:01

this table is not used anymore (since a long time ago)

Comments

Zac 08 Jun 2015, 17:31:27

Is this table not used anymore? If so, is a login history maintained anywhere? EDIT: FYI - found a user log in the UmbracoTraceLog.txt file - all entries are logged as "Umbraco.Web.Security.WebSecurity"


Dennis Milandt 05 Jul 2015, 17:11:02

I would also like to know if umbracoUserLogins is not in use anymore?


Dennis Milandt 06 Jul 2015, 08:46:56

Thank you Shannon for clarifying. I wanted to find a way to see active user sessions in Umbraco, so I'm a little sad that this table is no longer used :)


Shannon Deminick 06 Jul 2015, 08:48:39

It hasn't been used since around v 4.5


Shannon Deminick 06 Jul 2015, 08:51:04

In 7.3, we are using ASP.Net identity which is extensible. If you wanted that functionality you could plug that logic in with your own db table. This table is also out of date with how auth works, for example there is no 'context id'


Dennis Milandt 06 Jul 2015, 08:52:44

That makes sense. Though, there is a session id, right? No? There is a session id in the current auth cookie. I wanted to be able to see if a session id was currently active or not. Currently I found no way to do that (from the front end)


Shannon Deminick 06 Jul 2015, 08:56:34

There is but it's not used for anything at all. If you want to get the time remaining for a current auth ticket for the current user, we already have that functionality. You just need to decrypt the ticket and read it.

https://github.com/umbraco/Umbraco-CMS/blob/a3d4ccc062b94859e446b1206bf21f334577a35c/src/Umbraco.Core/Security/AuthenticationExtensions.cs#L321


Sebastiaan Janssen 06 Jul 2015, 08:56:54

FYI: In case you want to keep a record of all login/logout attempts (7.2.6+ has more logging of this) you can add an appender to the log4net config file that filters just the security stuff, the following example logs to a txt file but you can make it do whatever you want of course:

{code}


Dennis Milandt 06 Jul 2015, 09:01:43

That might be exactly what I need @Shandem. Thank you a lot for that!! I'll test it out.

@sebastiaan I didn't think of that. I did however look into overriding the login provider for Umbraco, but what I really need to know was if a session was still active, and the login provider will not tell me that - only when people log in or out etc.


Sebastiaan Janssen 06 Jul 2015, 13:00:18

Absolutely Dennis, I understand the requirement! I just got curious myself to see if I could make an audit log for just logins (and in 7.3 for logouts) so you can easily analyze this data later in case you suspect a breach or something. So this is more of a "for future reference" thing!


Dennis Milandt 07 Jul 2015, 10:06:44

@Shandem Thank you so much for your help. This did the trick:

{code:lang:c#}

using System.Web; using Umbraco.Core.Security;

[...]

var wrapper = new HttpContextWrapper(HttpContext.Current); var ticket = wrapper.GetUmbracoAuthTicket(); if(ticket.GetRemainingAuthSeconds() > 0) _isLoggedIn = true;

I have seen a lot of posts for Umbraco 7 for developers who wanted to check if an Umbraco editor user was logged into the Umbraco backend. All examples I have seen so far didn't work once an Umbraco member was logged into the frontend because of the way the authentication context works. This however works flawlessly.


Denise del Bando 25 Aug 2015, 15:07:47

I wish i read this info before i was extending the plugin "the dashboard". to show recent logins. Is there a reason why this table still exists in umbraco 7?


Shannon Deminick 25 Aug 2015, 15:24:01

It doesn't serve any purpose in v7


Priority: Normal

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions: 7.1.7, 7.1.8, 7.1.9, 7.2.1, 7.2.2

Due in version: 7.3.0

Sprint:

Story Points:

Cycle: