Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Scenario:
- I would like to know for x domains if users are logged in and who that is. I would to know that either for current time or for a time in past, like the last weekend.
- I want react on this. Maybe log them all out or send them a notification to please log out.
So an action, that handles that for me, would be very helpful. It would return the user information (maybe configurable by parameters) and perform an action determined by myself. It could take parameters like:
1. Check for now or specific time in past.
2. Exclude/Include user 1.
3. Send them mail.
4. Log them out.
...
I (as you know, i think) already wrote a custom action named CheckLoggedUsers, but i'm not in agreement with the method of 'Who's online' that takes the access time - 15 min to determine whether someone is logged in. I didn't find anything helpful to determine that in a better, cleaner way. Maybe you have an idea?
Comments
Comment #2
jurgenhaasWe should break this into at least 2 parts:
Part 1: regularely collect data from remote, i.e. which user is logged in, and store that in an appropriate way such that we have sufficient records available on which you can later base some of your decisions. If we don't collect data regularely, then you can do anything for situations in the past, as you describe them. For this part I'd like to refer to #2654304: Heartbeat which is currently held back mainly because we have to decide first, how to store all the heartbeat data that we're going to collect.
Part 2: taking some actions based on the collected data. This part is then up for discussion right here and can be implemented pretty much exactly as you described it above. To be able to do that, the data collection only requires the timestamp and user id for each logged in user at the time. All other details like name or email address can be requested when you take some action like either notifying the user or cancelling their sessions.
Regarding the problem to find out who is actually online, I'd strongly argue to base that on the session table. Because even if a user hasn't touched the site for a couple of days, their session might still be valid and as long as they keep their session cookie and it is not expired and also present in the Drupal database, it represents a valid session which allows access under that username without logging in again. Having said that, you can ignore the bit, when the user touched the site the last time. However, I would probably collect that data as well to understand a bit more about the typical user behaviour on a site.
If I'm not wrong we should first solve the questions over at #2654304: Heartbeat and come back here afterwards.
Comment #3
jurgenhaasComment #4
jurgenhaashttps://gitlab.com/drupalspoons/drd/-/issues/57