[TYPO3-dev] How can I detect a logged in fronted user?
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Wed Jun 13 09:44:58 CEST 2007
Michael Stucki schrieb:
> Hi Michiel,
>
>> When a backend user logs in the be_typo_user cookie is set.
>>
>> This can successfully be detected by mod_rewrite using the condition:
>> RewriteCond %{HTTP_COOKIE} !be_typo_user
>
> The cookie is set when loading /typo3/index.php, so it can be there even
> before the login! Don't trust it, even not for be_users!
>
>> The fe_typo_user cookie is allways set!
>>
>> Even if a user never logs in.
>>
>> When a user does log in, the cookie does not change and no new cookies
>> are set.
>
> Right. I dislike this behaviour very much. TYPO3 does fe_session checks on
> every request, while it could simply skip that if the cookie would only
> exist for logged in users. Will try to change soon...
But than you cannot trace a clomplete session for a user which starts
anonymously and continues after a login. Maybe we can add a second cookie
for that purpose to signify an authenticated session.
OTOH TYPO3 doesn't track session in the session table. I'd like to see a
record for each session so I can do a reliable count(*) on it. Ideally we
could use Mysql table type HEAP for it, so writing is cheap.
BTW, the activity timestamp should IMHO done on the session table and not
on the user tables.
Masi
More information about the TYPO3-dev
mailing list