Session ID (or equivalent) in OpenEMR?

avantsys wrote on Wednesday, May 29, 2013:

As some of our clients’ installations are multi-user (for instance, secretary and doctor, or one secretary and two doctors, or two secretaries and five doctors), the need has arisen for us to be able to identify which users of each installation are logged in, when they logged in and for how long and what actions they performed.

For instance, let us take a practice with two doctors and a secretary. All of them are logged in at the same time. How can we:

(a) Identify which user logged in when and for how long?
(b) Identify which action each user performs and when?

Is there some code that needs to be added to the code spaghetti known as left_nav.php?

yehster wrote on Wednesday, May 29, 2013:

Login and logout our tracked in the log table.

SELECT * FROM log where event in (‘login’,‘logout’);

avantsys wrote on Wednesday, May 29, 2013:

What about the actions performed? Is there a way for the system to keep tabs of what requests each user made and which actions each user performed?

yehster wrote on Wednesday, May 29, 2013:

It’s all in the log table, but figuring out how a given row maps to a particular action is a little trickier. The Apache access logs also track every request.

The data you are looking for is probably all tracked already. The hard part is aggregating it into something meaningful.

avantsys wrote on Wednesday, May 29, 2013:

Kevin, thank you for the information. But can you tell me what happens in the following scenario?

Let’s say we have a certain practice in a web-based installation of OpenEMR. The practice has three users: A, B, and C. And they’re all logged in at a given moment in time.

One of them clicks a specific button in the left-hand menu (the code spaghetti known as left_nav.php)

How can we tell which of the three users clicked on that button?

yehster wrote on Wednesday, May 29, 2013:

The log table tracks each entry by user.

avantsys wrote on Wednesday, May 29, 2013:

OK about the log table, but it doesn’t help us with what we have in mind.

Let’s say that I want to differentiate an action according to the user who performs it.

Let’s say that, if user A presses one button in left_nav.php I want the system to pop up an alert in JS, saying “Hello”.

And, if user B presses the same button I want nothing to happen, or the system to give a different response, such as “Access denied”.

Is there some way to let the code know who makes the request at that time?

For example, see what happens in Joomla: if you write in a php file this line of code:

$user =& JFactory::getUser();

You get the user that is logged in at that session, and you can do whatever you want with that knowledge.

Is there any equivalent in OpenEMR, a specific command that tells us who is the logged in that session among all logged in users?

yehster wrote on Wednesday, May 29, 2013:

$_SESSION[‘authUser’];

avantsys wrote on Wednesday, May 29, 2013:

Thank you!