[horde] WG: Re: forcing logouts?

Jan Schneider jan at horde.org
Mon Feb 26 15:10:48 PST 2007



----- Weitergeleitete Nachricht von kevin.konowalec at ualberta.ca -----
      Datum: Mon, 26 Feb 2007 15:55:00 -0700
        Von: Kevin Konowalec <kevin.konowalec at ualberta.ca>
    Betreff: Re: [horde] forcing logouts?
         An: Jan Schneider <jan at horde.org>


On Feb 26, 2007, at 3:05 PM, Jan Schneider wrote:

> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>
>> So I was hoping it would be possible to prevent users from  
>> navigating away from horde (in the window the user logged into  
>> horde in) or shutting down the browser without logging out.  Has  
>> anyone looked into doing something similar?  I'm sure I could go  
>> through and add a chunk of javascript to every page as a footer  
>> that would accomplish this but if there's a better/more elegant  
>> solution I'd love to know about it.
>
> If they are shutting down the browser, the browser session is lost  
> which is almost as safe as loggin out. At least if cookies are  
> turned on, but you have forced to use cookies, don't you?
> If this is not sufficient, you can configure the cookies to time out  
> after a while, instead of when closing the browser. But that doesn't  
> help is someone is accessing the same computer directly after the  
> first user left.
>
> Jan.


Shutting down the browser would be sufficient in terms of security,  
yes.  However, navigating away from horde and forgetting you did so  
wouldn't allow you the same luxury unless you did shut down the  
browser when you're finished... which is what I'm hoping most do in  
public labs.

Ultimately the concern is not only security but also a question of  
system monitoring and statistics.  The powers that be are demanding  
usage stats from all services and I'm having a hard time giving  
concrete numbers.  Since there is no statistics module in horde that  
can tell me how many people are concurrently using the system, nor  
incremental usage over time, I'm having to derive it from the horde  
logs.  But the horde logs seem to say that there are nearly double the  
number of users logging in than logging out in a given day.

I'm still analyzing my logs to figure out what exactly it's telling me  
but is it possible that horde is recording a login multiple times in a  
session?  If not then I've either made a mistake in analysis OR there  
are a lot of people not logging out properly:

Feb15

Total number of logins:  76682
Total number of logouts:  37114
Total number of DISTINCT logins:  25918
Total number of DISTINCT logins without logouts:  13942
Total number of DISTINCT proper login/logouts:  11938
Total number of failed login attempts:  5713
Average number of logins per user:  2.96080929765628
Average number of logouts per user:  2.65024453394707
Number of users with more logins than logouts:  15940


It's interesting to see things like this:

Feb 26 12:41:50 src at webcluster6 HORDE[32093]: [imp] Login success for  
xxxx at ualberta.ca [aa.aa.aa.aa] to {142.244.12.147:143} [on line 152 of  
"/var/www/horde/imp/redirect.php"]
Feb 26 12:47:40 src at webcluster6 HORDE[4324]: [imp] Login success for  
xxxx at ualberta.ca [aa.aa.aa.aa] to {142.244.12.147:143} [on line 152 of  
"/var/www/horde/imp/redirect.php"]
Feb 26 12:48:13 src at webcluster6 HORDE[3314]: [imp] Logout for  
xxxx at ualberta.ca [aa.aa.aa.aa] from {142.244.12.147:143} [on line 42  
of "/var/www/horde/imp/login.php"]


Why would you see two sequential logins like that without any activity  
in between?






----- Ende der weitergeleiteten Nachricht -----


Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
-------------- next part --------------
An embedded message was scrubbed...
From: Kevin Konowalec <kevin.konowalec at ualberta.ca>
Subject: Re: [horde] forcing logouts?
Date: Mon, 26 Feb 2007 15:55:00 -0700
Size: 6020
Url: http://lists.horde.org/archives/horde/attachments/20070226/57edde81/attachment.mht


More information about the horde mailing list