Session cookie tracking in logs/audit logs

Hello everybody. It’s my first message to the forum and at first I’d like to thanks all the nextcloud community of volunteers and users that animate this board and the devlopment of Nextcloud.

I am responsible of an average size installation of nextcloud (200 users, 40/50 active daily) and I started to develop some analytics/monitoring/alerting system to detect anomalies, better understand user patterns (to improve their experience) and offer accurate support to users experienceing issues.

Everything is working quite well but the main problem is that, at the moment, while most nextcloud users corresponds to single physical users, a few of them are “guest-like” users with credentials shared between an high number of different physical users.

For these particular “guest-like” users we are trying to distinguish individual browser sessions, corresponding to different physical users, using the remote ip address.

This works “kind-of” well in most cases, but CG-NAT sometimes make things trickier. Especially we have a few cluster of users in big student dormitories using a single external IP address for all their internal network.

When different physical people behind the same CG-NAT IP use the same “guest-like” username to perform different actions concurrently on the server it becomes very hard to analyze the single sessions in the logs and debug problems.

So I am wondering if there is a way to add session-tracking information to the audit logs. I think that every single login is associated with a new different “nc token”, but it doesn’t seem to me that this information is available in the log fields. I see that there is a “reqID” field but it seems to change often within the same session.

Does anyone faced a similar problem? There is any extension to add session information to the logs, or maybe do you think it is feasible to easily patch the source code in order to add this information to the logs?

Thanks a lot for your reply!