Auditing: a history of sessions should be kept and reported on

[dasgarner]

Each time a user logs into the CMS a session should be recorded (independently of PHP sessions) with the following data:

• sessionId (auto generated) - not the actual sessionId, an auto generated secondary ID added to the session
• IP
• user agent
• start time

Any audit and/or log records added during the request should be annotated with the sessionId so that audit/log reporting can be accessed from the request record.

An admin report should be available filtered by date/user which shows session activity and associated data.