how to check who is online or if another user is online

unonweb

7 months ago

1 1

• Selected Answer
  

  unonweb

  7 months ago

  I've solved it in a different (server-only) way. Now my Payload server is somewhat aware of a user being active or inactive. If someone wants to know about it, feel free to ask.

• 

  unonweb

  7 months ago

  Oh! I'm happy that nobody has made the effort to respond to my question as the solution is somehow obvious...

  1. create a checkbox field named 'isOnline' in the 'users' collection
  2. use the afterLogin hook to update that field for the given user (isOnline: true)
  3. use the afterLogout field in order to set 'isOnline: false'

  voilá

  4 replies
  

  DanRibbens

  Payload Team

  7 months ago

  Smart thinking @unonweb! Thanks for commenting with your solution for others to find.

  Is this already working for you?

  I could be wrong here, but I don't think afterLogout is will be called unless a user takes the action. How many users click logout before closing the browser tab? You may need to have some additional window events that makes the logout call for them. If this is needed in your admin UI you could add this in a custom provider.

  

  unonweb

  7 months ago

  I don't think afterLogout is will be called unless a user takes the action.

  Damn, you're right. Well my idea now is to make the server aware of the expiry time of the user's session and call the logout functions at the same time when the user is automatically logged out. For my purpose it's important that the user sessions don't last longer than necessary (contrary to this discussion). So therefore I've set tokenExpiration to a small amount and make regular use of the refresh operation in order to keep the user logged in as long as he/she is active.

  But sadly the following code throws "Forbidden: You are not allowed to perform this action."
  According to my understanding it's like:

  1. user logs in and receives a fresh httpOnly cookie with a 'payload-token'
  2. user makes and action that triggers refreshToken() which makes an http post request including that cookie

  async function refreshToken(origin = 'http://localhost:3000', colSlug = 'users') {
  	const res = await fetch(`${origin}/api/${colSlug}/refresh-token`, {
  		method: 'POST',
  		credentials: 'include',
  		headers: {
  			'Content-Type': 'application/json',
  		},
  	})
  
  	const json = await res.json();
  	console.log(json)
  }

  

  unonweb

  7 months ago

  Of course I need to make sure that this is called on the client.
  I had it referenced in some afterRead hooks in order to keep a user session active while they're navigating around.
  But then it was called only on the server.

  I don't understand why the Payload Admin Panel itself apparently doesn't make use of the refresh-token endpoint.
  It seems like a user's JWT on the Admin Panel simply expires without regarding their activity.
  Is that possible? If I set a short tokenExpiration in my users collection my JWT expires even if I'm using the admin panel.
  If it's my responsibility to implement refresh-token calls - how am I supposed to do it?

  • If I want to trigger it on the server (like in afterRead hooks) I see that there's not Local API 'refresh' operation to resend the JWT.
  • If I'm supposed to make the request on the client - how can I implement it to be triggered by an afterRead hook?
  

  unonweb

  7 months ago

  I've solved it in a different (server-only) way. Now my Payload server is somewhat aware of a user being active or inactive. If someone wants to know about it, feel free to ask.