iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)
iTP Secure WebServer System Administrator’s Guide—523346-002
11-1
11
Administering Session Identifiers for
Anonymous Sessions
This section tells you how to set up the iTP Secure WebServer to use Session
Identifiers for anonymous ticketing. Topics discussed in this section include:
•
Anonymous Ticketing on page 11-1
•
Tracking on page 11-2
•
Ticketing and Tracking Example on page 11-2
•
Configuring for Anonymous Ticketing on page 11-4
•
Using Session Identifiers for Reporting on page 11-15
•
Using Tcl Variables for Anonymous Sessions on page 11-16
Anonymous Ticketing
Anonymous ticketing allows you to track accesses to your web site—that is, determine
how frequently resources are accessed and by whom.
A ticket is a string of characters that uniquely identifies a user and specifies what
resources the user is permitted to access. The ticket is protected by a message
authentication code (MAC), which makes the ticket nearly impossible to duplicate or
change.
There are various formats for tickets: the iTP Secure WebServer uses a type of ticket
known as a Session Identifier.
A Session Identifier is a short string of characters preceded by two at signs (@@). For
example:
@@Fz3H78Og56kCSf2s
Encoded within this string are the following:
•
A message authentication code (MAC)
•
A user ID that uniquely identifies the user
•
A group ID that indicates what information the user is authorized to access
•
An expiration time signifying for how long the ticket is valid
A user acquires a ticket implicitly on the first request for a resource. Thereafter, the
web client automatically transmits the ticket with any subsequent request. A single
ticket, therefore, can be used for multiple requests.