DOCDESK

Task Description:
Implement a User Session Management system to track user logins across devices.
Each login should create a session record containing device and network details
This will be used for security, session control, audit tracking, and logout handling.
Scope: Backend only

Required Fields (user_sessions table):
id (PK)
user_id (FK → users.id)
device_info(varchar)
ip_address(varchar)
user_agent(TEXT)
is_active (Active / Inactive)(BOOL)
created_at (login time)[DATE-TIME]
last_seen_at (last activity time)[DATE-TIME]

Features to Implement:
Create a new session record on successful login
Capture device info, IP address, and user-agent
Mark session as active on login
Update last_seen_at on each authenticated request (or periodically)
Mark session as inactive on logout
Allow multiple sessions per user (web + mobile)
Invalidate all sessions when user is deactivated
Support forced logout by setting is_active = 0

Basic Validations:
Session must be created only after successful authentication
user_id must be valid
IP address must be captured from request
Only one active session per token
Inactive sessions must not be reused
Logout must deactivate the session