FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    How to track user online/offline/idle times in real-time dashboard & reports using Kafka events from auth server

    Scheduled Pinned Locked Moved
    General Discussion
    2
    3
    7.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      d.chinguun.0301
      last edited by

      I am building a real-time dashboard and reporting system that shows user online/offline status and idle time.

      Current Setup

      I consume Kafka events from our authentication server that include:

      • list itemLogin success (user authenticated)

      • list itemToken refresh (user’s access token refreshed)

      • list itemToken revoke (logout or manual revocation)

      Access tokens are short-lived JWTs, refresh tokens have a longer lifetime.

      I need this tracking for two purposes:

      Real-time dashboard — show current online/offline/idle status.

      Historical reporting — store session history with start time, end time, and idle time.

      The Challenge

      If a token expires naturally (user closes browser, loses connection, or simply stops using the system) and there’s no explicit logout/revoke event, I do not receive any event from the auth server.

      This means users could appear "online" indefinitely unless I detect inactivity/expiry myself.

      I also want to calculate idle time — periods where the user has a valid session but is not actively refreshing tokens.

      Requirements

      Detect when a user should be marked offline if:

      No token refresh occurred before the access token expires.

      The refresh token also eventually expires.

      Detect idle state if there is no activity for a configured threshold (e.g., 15 minutes), even if the token has not yet expired.

      Keep a real-time store (e.g., Redis, Kafka Streams state store) for dashboard queries.

      Persist session history (start time, end time, idle periods) in a database for reporting.

      My Questions

      What is the best approach to handle natural token expiry detection without explicit events?

      How should I design the state tracking logic so it works for both real-time dashboard and historical reporting?

      Would using Redis TTLs or periodic scans be better for detecting inactivity and expiry?

      How should I manage the mapping between session IDs and tokens for accurate reporting, considering refresh events can issue new tokens for the same session?

      Are there best practices for idle detection in systems relying on token events?

      Any architectural patterns, code examples, or practical advice would be appreciated.

      mark.robustelliM 1 Reply Last reply Reply Quote 0
      • mark.robustelliM
        mark.robustelli @d.chinguun.0301
        last edited by

        @d-chinguun-0301 Interesting use case. Once the user has authenticated, FusionAuth doesn't know much about what the user is doing other than to refresh tokens or log out the user. You could put some logic in the application itself that would help you calculate.

        Also, I did come across this post that might give you some ideas too.

        Would love to see some screenshots once you get it up and running!

        D 1 Reply Last reply Reply Quote 0
        • D
          d.chinguun.0301 @mark.robustelli
          last edited by

          @mark-robustelli Thanks for your reply, Mark. If I manage to make it, I’d love to show you how I made it and what it looks like.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post