Count multiple login and logout session

Question

i am designing a system where user shall register for a particular period and then logout. he may login and logout multiple times in day. i have to count all of those session to measure performance.

so what would be best way to design database for it

create table scheduler(
  ID  bigint auto_increment,
  userID varchar(100),
  start_session TIMESTAMP,
  end_session   TIMESTAMP,
  primary key(ID),
  INDEX(userID)
)

i have to insert multiple session data of a user. so is it logical design for my desired task? one more info this will be for a real time system.

Answer 1

create table lets say "logins" with few fields, one should be:
entrie_id
userID (which bilongs to user to actualy know which user we talking about)
Date (which represend current day)
login_amount (which should be increased each time user logins) default value 0.

with this you will have statics day by day.

Include updating database after user logins.

For example if the user logins with ID 1 and today is 2014-02-14.

You will have to search for userID = 1 and data 2014-02-14 (which is today in our case) in logins table, if it gets false by searching these, create new entrie with today date stam and user id, else update logins_amount by 1 so if it was first login ever it should do 0 + 1 so you get total logins of 1.

edit: For logout obviously you can do same just in logout script section. for that you may need to add another field logout_amount etc.

Answer 2

Unless you're using websockets there's no way to tell when the user actually disconnects, so I can't see how end_session would ever be meaningful. If you had a third table called 'visit' however, that could capture all http requests under a given session:

CREATE TABLE user(
  id            BIGINT PRIMARY KEY AUTO_INCREMENT NOT NULL,
  email         VARCHAR(255) NOT NULL,
  password      VARCHAR(255) NOT NULL,
  salt          VARCHAR(255) NOT NULL,
  created       DATETIME NOT NULL
);

CREATE TABLE session(
  id      BIGINT PRIMARY KEY AUTO_INCREMENT NOT NULL,
  user    BIGINT NOT NULL,
  created DATETIME NOT NULL
  index(userid)
);

CREATE TABLE visit(
  id            BIGINT PRIMARY KEY AUTO_INCREMENT NOT NULL,
  ip            VARCHAR(55) NOT NULL,
  uri           VARCHAR(255) NOT NULL,
  method        VARCHAR(20) NOT NULL,
  userAgent     TEXT NOT NULL,
  session       BIGINT NULL,
  user          BIGINT NULL,
  created       DATETIME NOT NULL
  index(userid)
);

This would let you capture meaningful data. Also if you're concerned about a particular session expiring after X minutes, just add X minutes to the created time when you're validating a user's session. Or when you're looking for a session you can query with a condition on the created time:

SELECT
  id,
  user,
  created
FROM session
WHERE created > {recent}

Where recent would be equal to the current time - X minutes.

For better security I would recommend generating a random token for each session, set the user's cookie value to an AES GCM encryption of the user's id and session token, then generate a random salt to hash the session token with, finally store the hashed session token + salt in the database. If you merely compare the session's id to the value of the cookie I can authenticate to your system as any user... same thing with if you use a randomly generated token.

Based on that I'd modify the session table to look more like this:

CREATE TABLE session(
  id      BIGINT PRIMARY KEY AUTO_INCREMENT NOT NULL,
  user    BIGINT NOT NULL,
  token   VARCHAR(255) NOT NULL,
  salt    VARCHAR(255) NOT NULL,
  created DATETIME NOT NULL
  index(userid)
);

Lastly, I noticed you're using TIMESTAMP in your schema... that's generally fine, just be aware that you can only store dates from 1970 to 2038.

If you want to see a working example of this, I have it on github here: https://github.com/kaeawc/play-encryption

There is a working demo here: http://immense-garden-9877.herokuapp.com/