Suggestion: Impersonating an account should not affect "last seen" date

Hey guys

Current behaviour is: When impersonating a user’s account, the last seen date is affected by this action. This behaviour is confusing for other users and our staff since they assume, that the user was actually online at this date/time.

My suggestion is to not count the impersonation towards the last seen date.

Would appreciate your feedback on this :slight_smile:

5 Likes

I have to disagree with this. I am aware of a few forums from my communities that my friends and I have been a part of where the admins behind those forums would maliciously use ”impersonate” to try to get people into trouble.

Staff should have access to the staff logs that show when and who impersonated an account. You should make everyone on your team aware of it.

2 Likes

Admins could always reset that date in the database anyway, or prevent updating the last seen date using a plugin. If you cannot trust the admins then there is nothing you can do.

5 Likes

That’s a flaw in the system more than anything.

One thing that I think could actually help is sending a message to the user that they were impersonated. Yea, this could be undone by plugin makers but most malicious admins are usually teens that get scared by those kinds of stuff or adults that wouldn’t be really able to afford hiring someone to do program the plugin for them.

1 Like

I think we’re getting a bit distracted from the subject here. The last seen being updated when a user is being impersonated is more confusing than useful.

If we need more auditing about impersonation then that’s a different thing.

By the way, I think you’re making some dangerous assumptions here.

6 Likes

Quick follow-up here for our use case.

Due to the nature of our topic, users are very privacy concerned. So whenever a long-time core “used to be” core user suddenly reappears and has a fresh “Last seen” date due to some admin impersonation, some of our users are either concerned or somewhat confused… :eyes:

2 Likes

If you are using the new impersonation feature (enabled by setting the hidden site setting experimental_impersonation to true), the last_seen_at timestamp will no longer be touched when impersonating a user.

We are still in the midst of planning the rollout of the new impersonation feature to Discourse hosted forums.

6 Likes

I gather the intent of the new impersonation feature is to lower its impact, but there are currently effects besides last_seen_at. As near as I can tell, when impersonating, you’re being that user.

Click on a pending notification? They’ve now seen it.
Open an unread post? They’ve now read it.

Knowing this, I’d only use it for troubleshooting with the knowledge of the user. I’d have no problem with users being notified and provided with a log of activity in an impersonation session.

1 Like

Okay but when my last ip stay there public to that user sees? Me as admin when I impersonate any user my ip “leaks” or I am wrong?

my solution was hide this section

image

1 Like