search

gbv / login-server

Login and connect accounts with multiple identity providers
https://coli-conc.gbv.de/login/
MIT License
31 stars 32 forks source link

Save and show where a session originated from #70

Closed nichtich closed 3 years ago

nichtich commented 3 years ago

Split from #66

Active sessions should indicate the client using the session. As we don't require clients to have been registered, this information can only be guessed:

we could save the referrer (i.e. when the user logs in from Cocoda). My suggestion: On the server, when either /login or /login/:provider are requested and a referrer other than the login server URL is given, and if the user is not currently logged in, save that referrer inside a field in the session.

This should be enough to get a client URL. Users can click on the URL to find out more details.

nichtich commented 3 years ago

Session and WebSocket ID do not need to be shown but client application names would be helpful (#72).