Jsonapi the user endpoint return wrong value for access property

Created on 28 December 2023, 6 months ago
Updated 30 December 2023, 6 months ago

Problem/Motivation

Hi all,

I fetched the user object and I tried to get the "access" property value to use it in the mobile application using endpoint '/jsonapi/user/user/:id', I noticed that it returned wrong value, although it is correct on the web page, actually the "Last Access" column updated in the web page users, but no update in the value returned by REST API.

Could someone help me to figure out the problem?

Thanks in advanced

Steps to reproduce

  1. Create a fresh standard d10 installation with JSON:API module enabled, and login as superadmin
  2. Visit the page /user/1
  3. Go to /admin/people and check "Last access" for superadmin. It will be less than 3 minutes.
  4. Go to /jsonapi/user/user?filter[uid]=1 and note access time value (data > attributes > access).
  5. Wait for 4 minutes
  6. Repeat steps 2 to 4
  7. This time in /admin/people the "Last access" value is updated and will be again less than 3 minutes. But in case of /jsonapi/user/user?filter[uid]=1 value will be same as the old one we got in the previous step 4 (so its showing > 4 minutes)

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

๐Ÿ› Bug report
Status

Active

Version

10.2 โœจ

Component
JSON APIย  โ†’

Last updated 2 days ago

Created by

๐Ÿ‡ฑ๐Ÿ‡งLebanon m.attar

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @m.attar
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States cilefen

    Drupal 9 is no longer maintained. Can you verify the bug on a supported release?

  • Status changed to Postponed: needs info 6 months ago
  • ๐Ÿ‡บ๐Ÿ‡ธUnited States cilefen

    And to be clear, this report is that the โ€œaccessโ€ date via API differs from the โ€œLast accessโ€ column date on the default users view. Do I have that right? In what ways do these dates differ? It could be a time zone difference.

  • Issue was unassigned.
  • ๐Ÿ‡ฆ๐Ÿ‡บAustralia larowlan ๐Ÿ‡ฆ๐Ÿ‡บ๐Ÿ.au GMT+10
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia sijumpk
  • Status changed to Active 6 months ago
  • ๐Ÿ‡ฎ๐Ÿ‡ณIndia sijumpk

    @cilefen, In drupal 10.2 also this issue is present. Checked myself and its not a time zone difference problem. Adding "steps to reproduce" to the issue summary. Seems like the cache is not getting cleared for json responses during access action (even if time is greater than 3 minutes). But its working correctly for login and changed. Also for the web version its working fine (with a clearing delay of session_write_interval=180s)

  • ๐Ÿ‡ฑ๐Ÿ‡งLebanon m.attar

    Thank you guys for your comments,
    @cilefen as I mentioned and as @sijumpk the problem is not related to timezone or computing date,
    actually the "access" value in JSON API response seems not updated, and I noticed it getting updated in json response only if clearing full site cache.

  • ๐Ÿ‡บ๐Ÿ‡ธUnited States cilefen
  • ๐Ÿ‡ฌ๐Ÿ‡งUnited Kingdom catch

    This is essentially 'by design'. UserRequestSubscriber / UserStorage::updateLastAccessTimestamp (the logic was originally in the session handler) deliberately avoids using $entity->save() to update the access column - if it did that, then the user ID cache tag as well as the user entity list cache tag would be invalidated every time it's written. With multiple active users on site at any one time, that could be constant.

    I could see potentially invalidating only the user's specific cache tag (not the list cache tag) when this is updated, or maybe at a longer frequency like one hour, which we could make configurable.

    Another option would be adding some kind of max_age when the user access property is rendered, so that only those pages and the JSON:API responses have a shorter lifetime but anything else rendering a user would unaffected.

Production build 0.69.0 2024