Summary
The authevents channel should record "Logout" events, but https://logstash.wikimedia.org/goto/44a8b2284523b3f21eec5b8dc2efe4eb only shows ~700 events in the last 3 months
Technical notes
Relevant code from User.php
public function doLogout() { $session = $this->getRequest()->getSession(); $accountType = MediaWikiServices::getInstance()->getUserIdentityUtils()->getShortUserTypeInternal( $this ); if ( !$session->canSetUser() ) { LoggerFactory::getInstance( 'session' ) ->warning( __METHOD__ . ": Cannot log out of an immutable session" ); $error = 'immutable'; } elseif ( !$session->getUser()->equals( $this ) ) { LoggerFactory::getInstance( 'session' ) ->warning( __METHOD__ . ": Cannot log user \"$this\" out of a user \"{$session->getUser()}\"'s session" ); // But we still may as well make this user object anon $this->clearInstanceCache( 'defaults' ); $error = 'wronguser'; } else { $this->clearInstanceCache( 'defaults' ); $delay = $session->delaySave(); $session->unpersist(); // Clear cookies (T127436) $session->setLoggedOutTimestamp( time() ); $session->setUser( new User ); $session->set( 'wsUserID', 0 ); // Other code expects this $session->resetAllTokens(); ScopedCallback::consume( $delay ); $error = false; } LoggerFactory::getInstance( 'authevents' )->info( 'Logout', [ 'event' => 'logout', 'successful' => $error === false, 'status' => $error ?: 'success', 'accountType' => $accountType, ] ); }
Acceptance criteria
- Logout events are accurately recorded in the authevents channel for temporary accounts and named users