Capturing Login/Logout and Login Attempts with Grails and Acegi Plugin

Question

I have partially implemented a solution using an grails filter and a session listener that required me to modify the web.xml. The session listener tells me when the session has ended, and the grails filter tells me when any controller has been called for the first time with an authenticated user.

It appeared to me that both were required because either grails or the acegi plugin creates a new session automatically so I needed to the grails filter to determine when the session actually has an authenticated user.

I am saying all of this to say, is there an easier approach that does not require a filter and a sessionListener. Just looking to clean up the code so when I need to get back to it later it will still make sense

Answer 1

Events are fired at login, so that's your best bet for tracking login - session creation will often be earlier than login if a user navigates around the site for a while before logging in. See this page which talks about even handlers: http://grails.org/AcegiSecurity+Plugin+-+Acegi+Events

Logout is trickier because users might explicitly click a logout link or they might just close their browser. If they close the browser their session will time out but that'll be 30 minutes after their last click (unless you've changed the default).

If you want to put in a hook for explicit logout, register a LogoutHandler as described at http://grails.org/AcegiSecurity+Plugin+-+Customizing+with+SecurityConfig in the "Logout Handlers" section.