Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
viewer-wicket-1.7.0, core-1.7.0
-
None
Description
A log showing the following info (at least) must be available:
- Account who has been logged.
- Date/Time the session has been started.
- Date/Time the session has been ended (by the user or automatically due to inactivity, etc.).
~~~
Suggest that this be specified some sort of new optional service defined in the applib.
If present, then on login and logout we can call this new optional service.
I can imagine there being a requirement to surface this info in the UI, which probably means persisting to a database, ie some sort of new audit entity.
Easiest option is to have the new service could be implemented by isisaddons' isis-module-security? Or perhaps a completely new isisaddon service if don't want to couple this?
Not sure how to capture timeouts; is this info available through some sort of Wicket callback? Perhaps it should be done through a Quartz scheduler service, which can mark sessions as dead if not used for 15 minutes?