Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Request: add option to be invisible and not alterate last login date. #11

Open
PeopleInside opened this issue Jun 12, 2020 · 4 comments
Open

Request: add option to be invisible and not alterate last login date. #11

PeopleInside opened this issue Jun 12, 2020 · 4 comments

Comments

@PeopleInside
Copy link

Will be nice to be able to login as user but to not result to be online.

This can be a check box.
Another check box option can be to not alterate the last login date.

This can help to prevent to result online due user issue diagnostic also to not alterate the original last login from user date.
@clarkwinkelmann
Copy link
Member

clarkwinkelmann commented Jun 16, 2020
edited
Loading

This won't be easy to implement. user::updateLastSeen() is always called from Flarum\Http\Middleware\AuthenticateWithSession.

The user.discloseOnline preference only toggles who can see that value.

This feature would require to develop some kind of incognito cookie session for Flarum. Maybe it would be best as its own extension, which we could then connect with Impersonate.

Or maybe at some point we should change how Impersonate sessions work. We could use a different middleware to login into the impersonated account, where we could skip that update. Using a different session key would also potentially allow the "go back to main account" feature which is currently impossible.

@PeopleInside
Copy link
Author

Or maybe at some point we should change how Impersonate sessions work. We could use a different middleware to login into the impersonated account, where we could skip that update. Using a different session key would also potentially allow the "go back to main account" feature which is currently impossible.

Will be nice.

@Ralkage
Copy link

Ralkage commented Mar 4, 2021
edited
Loading

Or maybe at some point we should change how Impersonate sessions work. We could use a different middleware to login into the impersonated account, where we could skip that update. Using a different session key would also potentially allow the "go back to main account" feature which is currently impossible.

Would love to see this too!!

Ideally, having a message at the top somewhere or even a alert/notice around where the email confirmation alert would be.

The message would be something like:

image

Do you recommend that I create a new issue/feature request for this? @clarkwinkelmann

@clarkwinkelmann
Copy link
Member

clarkwinkelmann commented Mar 4, 2021
edited
Loading

I feel like this is best kept as a single issue for now.

To me it seems one must be done with the other (and it should be done!), so it really goes hand in hand.

Once we fix the primary issue here, I don't see any reason why we would want to update the online status and last online date. That probably shouldn't even be an option.

EDIT: since this extension will need an update due to the access token changes in beta 16 anyway, I can take care of implementing this at that time.

It'll be even more important to move away from opening a new session once the session management tool is finished in Flarum (probably beta 17), because once that's done the user would actually see the admin session in their session list, along with the IP of the admin and could even terminate the session manually or by changing password, which we don't want to be possible.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Ralkage @PeopleInside @clarkwinkelmann