iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Administering Session Identifiers for Anonymous
Sessions
iTP Secure WebServer System Administrator’s Guide—522659-001
11- 2
Ticketing and Tracking Example
For content providers, this situation makes analyzing how users are accessing their web
pages difficult. Although the number of accesses (hits) to each file can be counted, it is
hard to know how many of those hits were made by the same user. In addition, there is
no way to track a single individual’s access pattern—that is, which URLs the user
requested and in what order.
Ticketing identifies a user for a specified duration so user activities can be tracked
throughout a single web session or across multiple sessions.
Ticketing and Tracking Example
To understand how tracking works, consider the following example.
A company called Universal Technology, Inc., has put all its marketing literature on the
Web. Universal Technology doesn’t want to limit access to these files, but it does want to
know how many individuals are looking at each file. It also wants to know which links
are accessed most frequently.
Universal Technology obtains this information by configuring its iTP Secure WebServer
to support anonymous ticketing, a type of ticketing that provides tracking information
but no authentication or authorization.
When the Universal Technology WebServer receives a request for a resource, it
generates a ticket for the user and redirects the user’s browser to the same content, but
with the ticket inserted in the URL. The web client resends the request, this time with
the inserted ticket.
The iTP Secure WebServer detects the ticket, validates it to ensure it has not been
tampered with and has not expired, then returns the requested resource (as shown in
Figure 11-1
). The request, along with the ticket, is recorded in the server’s log file.
.
Figure 11-1. Requesting a Ticket
107CDT .CDD
Web Client
iTP Secure WebServer
Internet
URL Request
Redirect to
URL with ticket
No ticket, so...
This time, there is a
ticket, so...
URL Request,
with ticket
Requested
resource
iTP Secure WebServer
generates ticket
and sends a redirect to
the web client.
the resource
is returned.