Assumptions no requirement to save users, users are not save no requirement to have unique session per userId unsigned integer?