Hubert Lubaczewski solves a problem:
Since I can’t copy paste the text, I’ll try to write what I remember:
Given table sessions, with columns: user_id, login_time, and country_id, list all cases where single account logged to the system from more than one country within 2 hour time frame.
The idea behind is that it would be a tool to find hacked account, based on idea that you generally can’t change country within 2 hours. Which is somewhat true.
Solution in the blogpost suggested joining sessions table with itself, using some inequality condition. I think we can do better…
Click through for a solution that works for PostgreSQL but not SQL Server because the latter doesn’t offer date and time intervals on window function frames.
To do this in SQL Server, I’d probably use LAG() and get the prior value of country ID and the prior login time. Something like the following query, though I didn’t run detailed performance checks.
WITH records AS
(
SELECT
s.user_id,
s.login_time,
s.country_id,
LAG(s.login_time) OVER (PARTITION BY s.user_id ORDER BY s.login_time) AS prior_login_time,
LAG(s.country_id) OVER (PARTITION BY s.user_id ORDER BY s.login_time) AS prior_country_id
FROM sessions s
)
SELECT *
FROM records r
WHERE
r.prior_country_id <> r.country_id
AND DATEDIFF(HOUR, r.prior_login_time, r.login_time) <= 2;