Jsonapi the user endpoint return wrong value for access property

Drupal 9 is no longer maintained. Can you verify the bug on a supported release?

And to be clear, this report is that the “access” date via API differs from the “Last access” column date on the default users view. Do I have that right? In what ways do these dates differ? It could be a time zone difference.

@cilefen, In drupal 10.2 also this issue is present. Checked myself and its not a time zone difference problem. Adding "steps to reproduce" to the issue summary. Seems like the cache is not getting cleared for json responses during access action (even if time is greater than 3 minutes). But its working correctly for login and changed. Also for the web version its working fine (with a clearing delay of session_write_interval=180s)

Thank you guys for your comments,
@cilefen as I mentioned and as @sijumpk the problem is not related to timezone or computing date,
actually the "access" value in JSON API response seems not updated, and I noticed it getting updated in json response only if clearing full site cache.

This is essentially 'by design'. UserRequestSubscriber / UserStorage::updateLastAccessTimestamp (the logic was originally in the session handler) deliberately avoids using $entity->save() to update the access column - if it did that, then the user ID cache tag as well as the user entity list cache tag would be invalidated every time it's written. With multiple active users on site at any one time, that could be constant.

I could see potentially invalidating only the user's specific cache tag (not the list cache tag) when this is updated, or maybe at a longer frequency like one hour, which we could make configurable.

Another option would be adding some kind of max_age when the user access property is rendered, so that only those pages and the JSON:API responses have a shorter lifetime but anything else rendering a user would unaffected.