Last last seen time is not always displayed correctly

ℹ️ Support
1

Nextcloud version: 23.0.3.2
Operating system and version: Ubuntu 20.0.4 LTS
Apache or nginx version: Apache 2.4.41 & NGINX 1.18.0
PHP version: 8.0.17 (fpm) (mpm-event)

I can’t tell if what I’m about to describe here is a bug or if the problem is intentional or technical behavior.

For me it is necessary to know when a user was logged in the last time. Or better said I have to identify regularly all users who have not logged in for a longer time. It does not matter to me whether a user last logged in via the Nextcloud website, one of the mobile clients (Nextcloud Talk and/or Nextcloud App) or via a desktop client.

The problem is that the login time that is displayed in the user management of the website or via the occ user:lastseen command is only correct if you assume that a user was last logged in via the website. A login via one of the other mentioned ways is apparently not taken into account.

As I already wrote, I don’t know if this has technical reasons or if it’s actually intentional or a bug. This problem has been plaguing me for many Nextcloud versions now. I have not found an answer to this and would like to have certainty.

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

  1. Create a new test user.
  2. Log in the test user via the web page.
  3. The Nextcloud administrator will now see the correct last login date for the test user.
  4. Log out the test user again and let some time pass.
  5. Log in the test user via one of the mobile clients. (Nextcloud or Nextcloud Talk).
  6. The administrator still sees the same stale timestamp even though the test user was logged in.
  7. Now log the test user in again via the website.
  8. The administrator now sees the correct timestamp again.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'HIDDEN',
  'passwordsalt' => 'HIDDEN',
  'secret' => 'HIDDEN',
  'trusted_domains' =>
  array (
    0 => 'HIDDEN',
  ),
  'default_language' => 'de',
  'default_locale' => 'de_DE',
  'force_language' => 'de',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'force_locale' => 'de_DE',
  'filesystem_check_changes' => 1,
  'skeletondirectory' => '',
  'session_lifetime' => 1800,
  'default_phone_region' => 'DE',
  'datadirectory' => 'HIDDEN',
  'dbtype' => 'mysql',
  'version' => '23.0.3.2',
  'overwrite.cli.url' => 'HIDDEN',
  'dbname' => 'HIDDEN',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'HIDDEN',
  'dbpassword' => 'HIDDEN',
  'installed' => true,
  'app_install_overwrite' =>
  array (
    0 => 'files_lock',
    1 => 'mindmap_app',
    2 => 'files_fulltextsearch_tesseract',
    3 => 'admin_notifications',
    4 => 'customproperties',
    5 => 'announcementcenter',
    6 => 'whiteboard',
    7 => 'richdocuments',
  ),
  'mail_from_address' => 'HIDDEN',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'HIDDEN',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'HIDDEN',
  'mail_smtpname' => 'HIDDEN',
  'mail_smtppassword' => 'HIDDEN',
  'updater.release.channel' => 'stable',
  'mail_smtpport' => '465',
  'maintenance' => false,
  'allow_user_to_change_display_name' => false,
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '::1',
  ),
  'theme' => '',
  'loglevel' => 0,
);

With kind regards

Jochen Becker

1 Like
2

I’m sorry that no-one has replied to this comment, because the “occ user:lastseen” command only gives the date of the last connection with the Nextcloud web application, and not the date of the last connection with a desktop client. However, some users, and the most intensive ones at that, only use the desktop client! So how do you manage user accounts correctly, given that basic information systems security rules require unused accounts to be closed?

For example, the “occ user:lastseen” command shows that the user logged in on 14 June…

root@nextcloud:/var/www/nextcloud # sudo -u www-data php /var/www/nextcloud/occ user:lastseen florence.bailly@univ-fcomte.fr
florence.bailly@univ-fcomte.fr`s last login: 14.06.2024 07:54

whereas the Apache2 logs show that her desktop client logged in today, on 18 June… :thinking:

/var/log/apache2/access.log:172.20.20.133 - - [18/Jun/2024:14:35:07 +0200] "PROPFIND /remote.php/dav/files/florence.bailly@univ-fcomte.fr/ HTTP/1.1" 207 1252 "-" "Mozilla/5.0 (Windows) mirall/3.13.0stable-Win64 (build 20240423) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)"

Could this request be passed on to the Nextcloud developers? All system administrators would be very grateful. :innocent:

thank you in advance for your attention.

Ernest.

3

The best place to put this enhancement suggestion up for serious consideration would be at GitHub - nextcloud/server: ☁️ Nextcloud server, a safe home for all your data

I suspect the issue here is there is a distinction between an interactive login and a transaction.

All the clients login via the Web UI, but the clients will have a token after that so they won’t necessarily trigger an interactive login again.

4

Suggestion accepted, I asked the question on the Nextcloud developers’ github.

1 Like