After a recent hacking incident where someone gained access to my entire forum by guessing my password, I'd love to have some sort of session logging beyond what we have already. Like the current logs we have, session logging would tell who logged in when and from what IP and browser.

Also, admin action logging that was more specific would be wonderful, instead of just "edited such and such's account", be like "edited such and such's account: modified signature, changed group" and something like that. Otherwise, it's very hard to track what is going on.

It's also quite cumbersome to implement a "edited such and such's account: modified signature, changed group" feature too - currently the functionality takes the input, updates the account and logs the update. To do what you are suggesting, we'd need to check each and every input and verify the new against the old and see if it's changed before updating, and make a list. Then if someone changes 90% of a user's account (sig, group, etc. etc.) it would be an extremely long list in the admin logs...

We plan on updating a lot of this stuff with 3.0 in any event.