Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The option to display the user's last login/access doesn't seem to be setting the message through drupal_set_message for a successful login.
Comment | File | Size | Author |
---|---|---|---|
#1 | login_security_492600_1.patch | 1.39 KB | ilo |
Comments
Comment #1
ilo CreditAttribution: ilo commentedmm...
Currently the notification of the last access and login is done in the "login" op of the hook_user, what IMHO is not correct. The last access could be done in the the 'login' op, as account is loaded with this value untouched in the $account param. The problem is for the last login timestamp. The account is loaded, but not in the $user variable, therefore the values are not populated to the 'login' op.
This patch will update the "last login" variable everytime a user is loaded. I don't like it but it works. For the login workflow, only one account is loaded, and it's the logged in account. The last access timestamp is fixed also.
Comment #2
deekayen CreditAttribution: deekayen commentedI actually made that same patch on my own. It fails the additional tests I just committed. The problem shows on a user's first login. hook_user is firing the login op first and those elements of the object are set, but the access and login are already set by then. That means the last login time is the same instance of the current login.
Comment #3
deekayen CreditAttribution: deekayen commentedPerhaps the new user_load I added to the validate could be used to temporarily store the access and login time? Then unset it from the session after the drupal_set_message is executed.
Comment #4
ilo CreditAttribution: ilo commentedI'll commit this and the other minor issues for now, and we can review the login process more deeply later. Do you think we can consider the "first login issue" as normal situation for now?.
Do I patch and commit?
Comment #5
deekayen CreditAttribution: deekayen commentedI don't see it as a minor issue. It breaks the tests because there is a message on the first login and shouldn't be one at all. The subsequent logins also show the current login's instance timestamp. I just meant I discovered the problem because the first login shouldn't have had a message in the first place. The previous login tests I committed don't assertPattern for a reasonable date string which is why the rest of the tests don't fail.
Comment #6
deekayen CreditAttribution: deekayen commentedhttp://cvs.drupal.org/viewvc.py/drupal/contributions/modules/login_secur...