how to check who is online or if another user is online

default discord avatar
unonweb
last month
1 1

Hi community,

I need to check server-side

  1. which other users have the same site access (no problem)
  2. which of them are online (I'm missing an "is-online" auth-operation or some array of "currentlyOnline" users within the payload object

Is there something I've overseen or is there some hack to do it?

  • default discord avatar
    unonweb
    last month

    I've solved it in a different (server-only) way. Now my Payload server is somewhat aware of a user being active or inactive. If someone wants to know about it, feel free to ask.

  • default discord avatar
    unonweb
    last month

    Oh! I'm happy that nobody has made the effort to respond to my question as the solution is somehow obvious...

    1. create a checkbox field named 'isOnline' in the 'users' collection
    2. use the afterLogin hook to update that field for the given user (isOnline: true)
    3. use the afterLogout field in order to set 'isOnline: false'

    voilá

    4 replies
    discord user avatar
    DanRibbens
    Payload Team
    last month

    Smart thinking @unonweb! Thanks for commenting with your solution for others to find.

    Is this already working for you?

    I could be wrong here, but I don't think afterLogout is will be called unless a user takes the action. How many users click logout before closing the browser tab? You may need to have some additional window events that makes the logout call for them. If this is needed in your admin UI you could add this in a custom provider.

    default discord avatar
    unonweb
    last month

    I don't think afterLogout is will be called unless a user takes the action.

    Damn, you're right. Well my idea now is to make the server aware of the expiry time of the user's session and call the logout functions at the same time when the user is automatically logged out. For my purpose it's important that the user sessions don't last longer than necessary (contrary to this discussion). So therefore I've set tokenExpiration to a small amount and make regular use of the refresh operation in order to keep the user logged in as long as he/she is active.

    But sadly the following code throws "Forbidden: You are not allowed to perform this action."
    According to my understanding it's like:

    1. user logs in and receives a fresh httpOnly cookie with a 'payload-token'
    2. user makes and action that triggers refreshToken() which makes an http post request including that cookie
    async function refreshToken(origin = 'http://localhost:3000', colSlug = 'users') {
    	const res = await fetch(`${origin}/api/${colSlug}/refresh-token`, {
    		method: 'POST',
    		credentials: 'include',
    		headers: {
    			'Content-Type': 'application/json',
    		},
    	})
    
    	const json = await res.json();
    	console.log(json)
    }
    default discord avatar
    unonweb
    last month

    Of course I need to make sure that this is called on the client.
    I had it referenced in some afterRead hooks in order to keep a user session active while they're navigating around.
    But then it was called only on the server.

    I don't understand why the Payload Admin Panel itself apparently doesn't make use of the refresh-token endpoint.
    It seems like a user's JWT on the Admin Panel simply expires without regarding their activity.
    Is that possible? If I set a short tokenExpiration in my users collection my JWT expires even if I'm using the admin panel.
    If it's my responsibility to implement refresh-token calls - how am I supposed to do it?

    • If I want to trigger it on the server (like in afterRead hooks) I see that there's not Local API 'refresh' operation to resend the JWT.
    • If I'm supposed to make the request on the client - how can I implement it to be triggered by an afterRead hook?
    default discord avatar
    unonweb
    last month

    I've solved it in a different (server-only) way. Now my Payload server is somewhat aware of a user being active or inactive. If someone wants to know about it, feel free to ask.

Open the post
Continue the discussion in GitHub
Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.