Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Which event updates the attribute login.lastLoginMillis in cwd_user_attributes jira table?

We have a user who was deactivated in Jira but the jira db cwd_user_attributes login.lastLoginMillis shows he logged in even after deactivation.

Just wanted to know if the stored token(created by remember me option) expiration will trigger this attribute or any other event which is not actually a user logging in.

 

We have jira 8.5 datacenter and oracle database.

3 answers

3 accepted

1 vote
Answer accepted

Hi @Divya Vishnumurthy I was checking source code of Jira Server 8.12.0 but I think it will be the same as DC 8.5. And I found this method

public LoginInfo recordLoginAttempt(final ApplicationUser user, final boolean authenticated) {
notNull("user", user);

UserWithAttributes userWithAttributes = crowdService.getUserWithAttributes(user.getName());
if (authenticated) {
// reset the failed count
setLong(userWithAttributes, CURRENT_FAILED_COUNT, 0);

updateLastLoginTime(userWithAttributes);
} else {
updateLastFailedLoginTime(userWithAttributes);
}
// Need to get a new copy of the attributes now.
return getLoginInfo(user);
}

Method updateLastLoginTime updates property you mentiones, while method updateLastFailedLoginTime updates property login.lastFailedLoginMillis. So for me it looks like the user was authenticated successfully. Can you check the user's Audit log (https://confluence.atlassian.com/adminjiraserver/auditing-in-jira-938847740.html#AuditinginJira-Viewtheauditlog)? 

Thank you Martin. So the user was disabled in LDAP which is used for authentication. Audit log shows the user was changed from active to inactive. But I dont have details of if he was authenticated. How does a user login successfully if he was disabled from LDAP? The remember me cookie will still allow him to login? Also checked the Jira database for stored token and that is empty.

1 vote
Answer accepted

It is the attempt to log in that matters.  Jira does not look at deactivation statys until after the user has logged in.

Will a stored cookie be the reason?

Cookies can hold current login information and be used by the browser to get back in.  That, and other SSO-like logins are not counted as logins - they're already logged in if they are coming in via them.

Thank you Nic. So the user did enter his credentials and log in. But the user was disabled in LDAP and the login should have failed. Will a failed attempt update as updateLastLoginTime? Are there any other reasons why this field was updated after LDAP was disabled?

0 votes
Answer accepted

https://jira.atlassian.com/browse/JSWSERVER-20649 

Our situation is similar and  its a product defect.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
8.5.4
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you