Codebase Analysis

Analysis of the appifany2/app/Http/Controllers/Client/AppController.php revealed:

• Function: getActiveSessions() (line 7490) - Retrieves active sessions from the last 13 hours
• Function: expireActiveSession() (line 7560) - Allows forced logout of users
• Data Tracked: Session Start, Last Active, Email, Name, Status
• Plan Requirement: Requires allow_user_active_sessions permission

UI Components Found

Existing Documentation Review

Found multiple sparse references to active sessions:

• Article 243: Brief announcement with single image
• Article 1700: Mentioned as part of enhanced logging features
• Article 49 (user-security.html): Two-sentence description with image
• Article 1232 (user-settings.html): Similar brief description
• Article 1365 (user-logs.html): Listed active sessions but no explanation

Gap Identified: No comprehensive documentation explaining the feature in detail.

Updated Article: User Logs (1365-user-logs.html)

File: docs/exported-articles/Logging and Audits/(No Section)/1365-user-logs.html

Article URL: https://docs.tadabase.io/categories/logging-and-audits/article/user-logs

New Sections Added:

1. Viewing Active Sessions - Overview of the feature
2. Accessing Active Sessions - Where to find the feature and plan requirements
3. What Information is Displayed - Detailed explanation of each column:
   • Session Start - When user logged in
   • Last Active - Most recent activity time
   • Email - User's email address
   • Name - User's name
   • Status - Session status (Active, Terminated, Expired)
   • Action - Available actions (Force Logout)
4. Session Tracking Duration - Explained 13-hour tracking window
5. Actions You Can Take - Detailed explanation of force logout functionality with use cases:
   • Enforcing immediate password changes
   • Responding to compromised accounts
   • Performing maintenance
   • Troubleshooting user authentication issues
6. Common Use Cases - Practical scenarios:
   • Security monitoring
   • Session management
   • Troubleshooting
   • Compliance tracking
   • Capacity planning
7. Active Sessions vs Login Logs - Clear distinction between real-time and historical data

Enhanced User Interface - Three Template Files Updated

Specific UI Enhancements

1. Tooltips Added:
   <th title="When the user initially logged in"> Session Start </th> <th title="The most recent time the user was active in your app"> Last Active </th> <th title="The user's email address"> Email </th> <th title="The user's name"> Name </th> <th title="Current session status (Active, Terminated, Expired)"> Status </th>
2. Help Text Updated:

   Before: "See who is currently logged in and click the Logout button to force users to logout."

   After: "See who is currently logged in (within the last 13 hours) and click the Logout button to force users to logout."

3. Documentation Links Updated:

   Old URL: https://docs.tadabase.io/categories/manual/article/user-security#bkmrk-session-tracking

   New URL: https://docs.tadabase.io/categories/logging-and-audits/article/user-logs#bkmrk-viewing-active-sessions

Backend Logic (AppController.php)

Session Retrieval Query:

This confirms sessions are only shown if they were created within the last 13 hours and haven't been explicitly expired.

Session Termination

When an admin forces a logout, the session status is changed to "Terminated," which logs the user out.

For End Users

• Improved Discoverability: Users can now find comprehensive information about active sessions
• Better Understanding: Clear explanations of what each piece of information means
• Practical Guidance: Use cases help users understand when and why to use this feature
• Enhanced UX: Tooltips provide instant clarity without leaving the interface

For Support Team

• Reduced Support Tickets: Users can self-serve instead of asking basic questions
• Reference Material: Support can direct users to specific documentation sections
• Clarity on Limitations: The 13-hour window is now clearly documented

For Product Team

• Feature Awareness: Better documentation may increase feature adoption
• User Expectations: Clear documentation prevents misunderstandings about capabilities

Documentation Files (1 file)

1. docs/exported-articles/Logging and Audits/(No Section)/1365-user-logs.html - Added comprehensive Active Sessions section

Code Files (3 files)

1. appifany2/resources/assets/client/tpl/app-active-sessions-list.html - Added tooltips and updated help text
2. appifany2/resources/assets/client/tpl/new/settings/user-active-sessions.html - Added tooltips and updated help text
3. appifany2/resources/assets/client/v2/tpl/settings/user/user-active-sessions.html - Added tooltips (including Status column) and updated help text

1. Documentation Review: Verify the updated User Logs article displays correctly and all links work
2. UI Testing:
   • Verify tooltips appear on hover for all column headers
   • Confirm help text displays with "13 hours" mention
   • Test "Learn More" links navigate to correct documentation section
3. Cross-browser Testing: Ensure tooltips work in Chrome, Firefox, Safari, Edge
4. Responsive Testing: Check that tooltips work on tablets/mobile devices

• Export Functionality: Consider adding ability to export active session data
• Filtering: Add ability to filter by user, email, or session duration
• Notifications: Consider alerting admins when unusual session patterns are detected
• Customizable Duration: Allow admins to configure the 13-hour window
• Session Details: Show IP address, device, browser information in the active sessions view