A suspended user cannot login to the Discourse site. If a user attempts to login to a site with their username and password, they’re denied access. The user’s “last seen” time is not modified.
However, if a suspended user attempts to log in with a social login (Google, Facebook, etc.), the “last seen” time is bumped to the current time, despite the user being denied access. This is inconsistent and would be nice to fix.
That’s what I had noticed. IIRC, we concluded that it was most likely peculiar to SitePoint Premium handling the login process and not a core Discourse issue.
That is, if a member had been suspended in the forum, they should still be able to access their Premium account, and when they logged in to Premium the event was sent to the forum anyway.
My guess is that the login modal (screen in SitePoints case) was updating the last seen at the beginning of the log in process instead of on its success. But I haven’t looked at the code involved yet so I don’t really know.
That’s not quite what was happening. Any member - suspended or otherwise - can log into their Premium account, and it doesn’t register on the forum “last seen” time; only an actual log-in or attempted log-in at the forums does that.
A suspended account making a log-in attempt at the forums will register an updated “last seen” time and a new “Last IP address” (if different), even though they never reached the forums.
We also established that suspended members were unable to log in, but were not shown any message stating their account was suspended. We have no way of testing whether this is simply a problem with our own set-up, or a wider issue with SSO.