IP address is also written to (intranet|opac)-access.log. There is no user information logged, but there might be enough URL and browser information logged to leak the user's identity, especially in combination with information in the database.

On Sun, Jun 25, 2017 at 4:45 PM, Chris Cormack <chrisc@catalyst.net.nz> wrote:
* Indranil Das Gupta (indradg@gmail.com) wrote:
Hi,

As $SUBJECT says. Do we?

Once a user is logged in, their ip is stored in the session data.
If you are using mysql or disk for this, and never purge them then you
effectively log IP numbers for logged in users.
However if you use memcached or purge the tables, they are only there a
short time.

(This is discounting webserver logs of course)

Hope this helps

Chris



regards
indranil


--
Indranil Das Gupta
L2C2 Technologies

Phone : +91-98300-20971
WWW  : http://www.l2c2.co.in
Blog    : http://blog.l2c2.co.in
IRC     : indradg on irc://irc.freenode.net
Twitter : indradg
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

--
Chris Cormack
Catalyst IT Ltd.
+64 4 803 2238
PO Box 11-053, Manners St, Wellington 6142, New Zealand

_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/