Discrepancy in last_activity_on and current_sign_in_at for users
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
When a user logs in using the UI, last_activity_on is updated, but when the user logs in using SAML, it is not updated. current_sign_in_at is updated correctly. The user reporting the discrepancy was attempting to audit user access with a custom API script comparing these two values. We have since discovered that this is not the intended design, but still believe the last_activity_on field should be consistently updated for all authentication mechanisms.
This request is aligned with the documentation, where we do state that user logins are considered activities.
Steps to reproduce
- Log in to GitLab using the webUI
- Check
last_activity_on: (e.g each_user.last_activity_on) - Note it was updated
- Repeat experiment using SAML
- Note it was NOT updated
What is the current bug behavior?
last_activity_on is updated only for UI login, but not for SAML logins
What is the expected correct behavior?
last_activity_on should be consistently updated for all login types
Relevant logs and/or screenshots
See Zendesk ticket
Problem was reported for GitLab version 15.2.5