extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-26 09:53:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

* Api: no longer loggin last-logintime of anonymous user

Browse Source 
to not block website and also to better cope with high rate anon endpoints 
might be called creating a bottleneck in the egw_accounts table.
This commit is contained in:
Ralf Becker 2019-08-19 16:50:55 +02:00
parent ee4640ccda
commit 681679382c
1 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
api/src/Session.php
View File

@ -634,9 +634,11 @@ class Session
if ($this->session_flags != 'A') // dont log anonymous sessions
{
$this->sessionid_access_log = $this->log_access($this->sessionid,$login,$user_ip,$this->account_id);
// We do NOT log anonymous sessions to not block website and also to cope with
// high rate anon endpoints might be called creating a bottleneck in the egw_accounts table.
Cache::setSession('phpgwapi', 'account_previous_login', $GLOBALS['egw']->auth->previous_login);
$GLOBALS['egw']->accounts->update_lastlogin($this->account_id,$user_ip);
}
Cache::setSession('phpgwapi', 'account_previous_login', $GLOBALS['egw']->auth->previous_login);
$GLOBALS['egw']->accounts->update_lastlogin($this->account_id,$user_ip);
$GLOBALS['egw']->db->transaction_commit();
if ($GLOBALS['egw_info']['server']['usecookies'] && !$no_session)
@ -973,16 +975,24 @@ class Session
const FALSE_ID_CACHE_PREFIX = 'false_id-';
/**
* Write or update (for logout) the access_log
*
* @param string|int $sessionid nummeric or PHP session id or error-message for unsuccessful logins
* @param string $login ='' account_lid (evtl. with domain) or '' for setting the logout-time
* @param string $user_ip ='' ip to log
* @param int $account_id =0 numerical account_id
* @return int $sessionid primary key of egw_access_log for login, null otherwise
*/
* Write or update (for logout) the access_log
*
* We do NOT log anonymous sessions to not block website and also to cope with
* high rate anon endpoints might be called creating a bottleneck in the egw_access_log table.
*
* @param string|int $sessionid nummeric or PHP session id or error-message for unsuccessful logins
* @param string $login ='' account_lid (evtl. with domain) or '' for setting the logout-time
* @param string $user_ip ='' ip to log
* @param int $account_id =0 numerical account_id
* @return int $sessionid primary key of egw_access_log for login, null otherwise
*/
private function log_access($sessionid,$login='',$user_ip='',$account_id=0)
{
// do not log anything for anonymous sessions
if ($this->session_flags === 'A')
{
return;
}
$now = time();
// if sessionid contains non-ascii chars (only happens for error-messages)