[MAGNOLIA-2917] last access date is updated also after a login failure Created: 29/Oct/09  Updated: 23/Jan/13  Resolved: 13/Nov/09

Status: Closed
Project: Magnolia
Component/s: core
Affects Version/s: 4.0.3, 4.1.1, 4.2
Fix Version/s: 4.2

Type: Bug Priority: Minor
Reporter: Fabrizio Giustina Assignee: Fabrizio Giustina
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   

The "last access date" information for users (available under the tools menu in admin central) is updated not only when the user logs in, but also for any failed login.
If you try logging in with superuser/wrongpassword you will see the last access date for superuser updated.

The setLastAccess() call is actually in MgnlUserManager, before the password validation. It should be moved to JCRAuthenticationModule after a successful authentication.


Generated at Mon Feb 12 03:41:23 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.