An efficient way to track user login dates and IPs history

Question

I'm trying to track user login history for stat purposes but its not clear to me what the best way to go about it would be. I could have a separate table that records users and their login stats with a date, but that table could get REALLY big. I could track some historic fields in the User model/object itself in a parse-able field and just update it (them) with some delimited string format. e.g. split on :, get the last one, if an included date code isn't today, add an item (date+count) otherwise increment, then save it back. At least with this second approach it would be easy to remove old items (e.g. only keep 30 days of daily logins, or IPs), as a separate table would require a task to delete old records.

I'm a big fan of instant changes. Tasks are useful, but can complicate things for maintenance reasons.

Anyone have any suggestions? I don't have an external data caching solution up or anything yet. Any pointers are also welcome! (I've been hunting for similar questions and answers)

Thanks!

Answer 1

If you have the :trackable module, I found this the easiest way. In the User model (or whichever model you're authenticating)

  def update_tracked_fields!(request)
    old_signin = self.last_sign_in_at
    super
    if self.last_sign_in_at != old_signin
      Audit.create :user => self, :action => "login", :ip => self.last_sign_in_ip
    end
  end

(Inspired by https://github.com/plataformatec/devise/wiki/How-To:-Turn-off-trackable-for-admin-users)

Answer 2

There is a nice way to do that through Devise.

Warden sets up a hook called after_set_user that runs after setting a user. So, supposed you have a model Login containing an ip field, a logged_in_at field and user_id field, you can only create the record using this fields.

Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
  Login.create!(:ip => warden.request.ip, :logged_in_at => Time.now, :user_id => record.id)
end

Answer 3

Building upon @user208769's answer, the core Devise::Models::Trackable#update_tracked_fields! method now calls a helper method named update_tracked_fields prior to saving. That means you can use ActiveRecord::Dirty helpers to make it a little simpler:

def update_tracked_fields(request)
  super

  if last_sign_in_at_changed?
    Audit.create(user: self, action: 'login', ip: last_sign_in_ip)
  end
end

This can be simplified even further (and be more reliable given validations) if audits is a relationship on your model:

def update_tracked_fields(request)
  super
  audits.build(action: 'login', ip: last_sign_in_ip) if last_sign_in_at_changed?
end

Answer 4

Devise supports tracking the last signed in date and the last signed in ip address with it's :trackable module. By adding this module to your user model, and then also adding the correct fields to your database, which are:

:sign_in_count,      :type => Integer, :default => 0
:current_sign_in_at, :type => Time
:last_sign_in_at,    :type => Time
:current_sign_in_ip, :type => String
:last_sign_in_ip,    :type => String

You could then override the Devise::SessionsController and it's create action to then save the :last_sign_in_at and :last_sign_in_ip to a separate table in a before_create callback. You should then be able to keep them as long you would like.