I’m building a site where users will register, log in, switch to other users’ pages, read articles, log out, etc.
For the moment I think that all these events must be logged for security reasons, so the admin will have a large amount of data to manipulate. Is this approach correct or not?
Each event will be supplied with the user’s ID, IP, and date and time in separate fields.
I’m just interested in the general approach to this subject. Maybe there is something more to be done, or some different method of doing these things. Some hints and tricks that may help to build a more secure and nice project…
Small example.
1. User presses the register button.
2. User validates each input field.
3. User presses “register” to send the registration form.
4. Server says it’s OK or there is an error.
5. If OK, the user is registered.
6. User is still at the registration form looking at errors.
7. If he was registered, an activation email is sent to the user…
8. User receives a message that a letter with an activation link was sent to him.

So which events must I log in this example?
A good and common approach would be that every event has its level.
You set in the configuration the current level that the system is working on. All the events with a level lower (or higher) than the current config level will be logged.
That is, of course, logging user activity.
Many advanced systems implement a logger for the code that is separate from the user activity. It would normally log into a file (you can also log into a database, but this should be done with caution, since it can be heavy). You set the system's current level to DEBUG/INFO/USER etc. When you log code, almost after every line of code you have a call to the logger (some will be ignored, depending on the level). This way, when you want to debug and find problems, you can set the log to DEBUG and see how the code runs line by line. On a routine basis you can find problems when going over USER/INFO messages.
EDIT:
You can log user activity. You can log system behavior. You can log data that will give you better knowledge of how users (members/guests) are surfing your website: what links they are clicking, what common actions they are performing, how much time they spend on every page, how much scrolling they are doing, mouse movements, text highlights, etc. You can learn from it how to improve your user interface to improve the user experience. You can detect problems in the UI or in the system. The question is: what are you trying to achieve from the data that will be logged? Is it just debugging your system, finding hack attempts, or finding out how users are using your site?
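
The two-logger setup described in the answer, applied to the registration steps from the question, as an added example that is not code from either post. It assumes Python's standard `logging` module; the `register` handler, the event names, the in-memory sink and the sample user ID and IP address are all hypothetical or constructed.

```python
import json
import logging
from datetime import datetime, timezone

class ListHandler(logging.Handler):
    """Collects formatted records in memory (stand-in for a file or DB sink)."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def make_logger(name, level):
    """Logger whose threshold comes from configuration; lower levels are dropped."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(level)
    handler = ListHandler()
    logger.addHandler(handler)
    return logger, handler

def audit(logger, event, user_id, ip, **details):
    """One user-activity record with the question's fields: user ID, IP, date/time."""
    record = {"ts": datetime.now(timezone.utc).isoformat(), "event": event,
              "user_id": user_id, "ip": ip, **details}
    logger.info(json.dumps(record))

def register(form, ip, app_log, audit_log):
    """Hypothetical registration handler covering steps 3-8 of the question."""
    app_log.debug("validating form fields: %s", sorted(form))  # field names only, never values
    errors = [f for f in ("email", "password") if not form.get(f)]
    if errors:
        audit(audit_log, "register_failed", None, ip, invalid_fields=errors)
        return None
    user_id = 42  # constructed sample ID; a real site gets it from the database
    audit(audit_log, "register_ok", user_id, ip)
    app_log.info("queueing activation mail for user %s", user_id)
    audit(audit_log, "activation_email_sent", user_id, ip)
    return user_id

def demo(config_level):
    """Run one failed and one successful registration at the given code-log level."""
    app_log, app_out = make_logger("app", config_level)
    audit_log, audit_out = make_logger("audit", logging.INFO)
    register({"email": "a@example.test", "password": ""}, "203.0.113.7", app_log, audit_log)
    register({"email": "a@example.test", "password": "x"}, "203.0.113.7", app_log, audit_log)
    return app_out.lines, [json.loads(line) for line in audit_out.lines]
```

Calling `demo(logging.DEBUG)` keeps the per-step code messages, while `demo(logging.INFO)` drops them; the audit trail is identical in both cases because it has its own logger and threshold.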