We have moved to GitHub Issues
Created by Dan Evans 14 Feb 2014, 08:15:52 Updated by Shannon Deminick 25 Aug 2015, 15:24:01
this table is not used anymore (since a long time ago)
Is this table not used anymore? If so, is a login history maintained anywhere? EDIT: FYI - found a user log in the UmbracoTraceLog.txt file - all entries are logged as "Umbraco.Web.Security.WebSecurity"
I would also like to know if umbracoUserLogins is not in use anymore?
Thank you Shannon for clarifying. I wanted to find a way to see active user sessions in Umbraco, so I'm a little sad that this table is no longer used :)
It hasn't been used since around v 4.5
In 7.3, we are using ASP.Net identity which is extensible. If you wanted that functionality you could plug that logic in with your own db table. This table is also out of date with how auth works, for example there is no 'context id'
That makes sense. Though, there is a session id, right? No? There is a session id in the current auth cookie. I wanted to be able to see if a session id was currently active or not. Currently I found no way to do that (from the front end)
There is but it's not used for anything at all. If you want to get the time remaining for a current auth ticket for the current user, we already have that functionality. You just need to decrypt the ticket and read it.
FYI: In case you want to keep a record of all login/logout attempts (7.2.6+ has more logging of this) you can add an appender to the log4net config file that filters just the security stuff, the following example logs to a txt file but you can make it do whatever you want of course:
That might be exactly what I need @Shandem. Thank you a lot for that!! I'll test it out.
@sebastiaan I didn't think of that. I did however look into overriding the login provider for Umbraco, but what I really need to know was if a session was still active, and the login provider will not tell me that - only when people log in or out etc.
Absolutely Dennis, I understand the requirement! I just got curious myself to see if I could make an audit log for just logins (and in 7.3 for logouts) so you can easily analyze this data later in case you suspect a breach or something. So this is more of a "for future reference" thing!
@Shandem Thank you so much for your help. This did the trick:
using System.Web; using Umbraco.Core.Security;
var wrapper = new HttpContextWrapper(HttpContext.Current); var ticket = wrapper.GetUmbracoAuthTicket(); if(ticket.GetRemainingAuthSeconds() > 0) _isLoggedIn = true;
I have seen a lot of posts for Umbraco 7 for developers who wanted to check if an Umbraco editor user was logged into the Umbraco backend. All examples I have seen so far didn't work once an Umbraco member was logged into the frontend because of the way the authentication context works. This however works flawlessly.
I wish i read this info before i was extending the plugin "the dashboard". to show recent logins. Is there a reason why this table still exists in umbraco 7?
It doesn't serve any purpose in v7
Assignee: Shannon Deminick
Backwards Compatible: True
Affected versions: 7.1.7, 7.1.8, 7.1.9, 7.2.1, 7.2.2
Due in version: 7.3.0