Is there any way to maintain login records

Dear OJS Team,

Is there any way to maintain login report in OJS-3.1.1-4 Application?

Actually the application does not maintain audit trails where all user activities have to be logged. In case a malicious user tries to attack the application; the application will not be able to trace the attacker.

Thank with Regards
Avinash Shukla

Your server should have an access log of some sort. That is the log you can use to track down attackers if needed. Understanding the Apache Access Log - KeyCDN Support

Unfortunately, the access log typically doesn’t record the association of the application-level user (or any useful session information to identify the application-level user) with the request. This has been a longstanding frustration in retroactively looking at the logs to help to debug a problem or to attribute actions for a specific user.

This could be a good plugin to develop.


If someone goes on to develop such a plugin, then I suggest reading the regulations in GDPR in detail. They apply to any journal that has users coming from the EU, not just journals published in the EU. So if the users actions in the system are logged in detail, you need the user’s explicit consent for that and a way of erasing the data if the user makes a request.