When there is a custom security provider, for example LDAP, after every JCR login a new sync with the external system is done and to the user node the 'last login' field is updated

However, for a CMS user this only makes sense during the logging in into the CMS, not many times when working within the same (http session) in the CMS : Currently, every new JCR login (which happens for example during Channel Mgr interactions or /ws/ invocations) results in a sync, regardless whether it is a 'real' CMS login

Technical Details

Logging in new JCR Sessions for a logged in user happens all the time. This happens via the same Credentials instance (with nullified pwd) stored on the CmsSessionContext.

Technical Solution

After the first sync for a Credentials instance, do not sync again any more for a new login with the exact same instance