iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

281

282

283

284

285

286

287

288

289

290

Administering Session Identifiers for Anonymous

Sessions

iTP Secure WebServer System Administrator’s Guide—522659-001

11-10

Ticketing Strategies

If you want a true hit count, you can specify one policy for HTML pages (for which you

want to accurately track the hit count) and another policy for other types of references

(for which you may not want this information). (For more information, see HTML and

Image References on page 11-12.)

Ticketing Strategies

Tickets can be attached to resource requests either as part of the URL or in a cookie. For

example, the following URL contains a ticket:

http://www.acme.com/@@3jr7D&&j89WerfB6/index.htm

When the content server receives a request for a protected resource, it first looks in the

request URL to find the ticket. If a ticket is not present or the one that is present is

invalid, the content server checks the cookie, if the cookie is available. A cookie may be

unavailable either because the web client does not support cookies or because the user

has not yet received a ticket.

Only when the content server cannot acquire a valid ticket does it generate a new

anonymous ticket and insert it into the URL.

When the content server finds a valid ticket from the URL or cookie, the server attempts

to keep the ticket until the ticket expires. So, when the user makes subsequent requests,

the content server can validate the request by using the same ticket. The content server

has three techniques for maintaining tickets:

•

Inserting the ticket in a URL directly

•

Causing the web client to insert the ticket in a URL

•

Storing the ticket in a cookie

You can control the way the server stores tickets.

Note that the ticket can only be inserted into a URL if it is a relative URL, as described

in Dynamically Rewriting References

iTP Secure WebServer Default Ticketing Strategy

By default the iTP Secure WebServer inserts tickets into cookies whenever cookies are

supported. If the web client does not support cookies, the server looks for the ticket in

the URL. As long as the initial document was referred to using a ticketed URL, the iTP

Secure WebServer causes the web client to automatically insert the ticket in all

subsequent relative URLs.

To guarantee that this action occurs for all HTML references, the content server converts

absolute HTML references into relative references. (Absolute and relative references are

described in Dynamically Rewriting References

.) This strategy maximizes the lifetime

of a ticket.

A side effect of this strategy is that log files may not show the true hit number for

ticketed resources because of proxies, as explained in How Proxy Servers Affect

Ticketing on page 11-8.