iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

301

302

303

304

305

306

307

308

309

310

Administering Session Identifiers for Anonymous

Sessions

iTP Secure WebServer System Administrator’s Guide—523346-002

11-11

Ticketing Strategies

If you want a true hit count, you can specify one policy for HTML pages (for which you

want to accurately track the hit count) and another policy for other types of references

(for which you may not want this information). (For more information, see HTML and

Image References on page 11-13.)

Ticketing Strategies

Tickets can be attached to resource requests either as part of the URL or in a cookie.

For example, the following URL contains a ticket:

http://www.acme.com/@@3jr7D&&j89WerfB6/index.htm

When the content server receives a request for a protected resource, it first looks in the

request URL to find the ticket. If a ticket is not present or the one that is present is

invalid, the content server checks the cookie, if the cookie is available. A cookie may

be unavailable either because the web client does not support cookies or because the

user has not yet received a ticket.

Only when the content server cannot acquire a valid ticket does it generate a new

anonymous ticket and insert it into the URL.

When the content server finds a valid ticket from the URL or cookie, the server

attempts to keep the ticket until the ticket expires. So, when the user makes

subsequent requests, the content server can validate the request by using the same

ticket. The content server has three techniques for maintaining tickets:

•

Inserting the ticket in a URL directly

•

Causing the web client to insert the ticket in a URL

•

Storing the ticket in a cookie

You can control the way the server stores tickets.

Note that the ticket can only be inserted into a URL if it is a relative URL, as described

in Dynamically Rewriting References.

iTP Secure WebServer Default Ticketing Strategy

By default the iTP Secure WebServer inserts tickets into cookies whenever cookies are

supported. If the web client does not support cookies, the server looks for the ticket in

the URL. As long as the initial document was referred to using a ticketed URL, the iTP

Secure WebServer causes the web client to automatically insert the ticket in all

subsequent relative URLs.

To guarantee that this action occurs for all HTML references, the content server

converts absolute HTML references into relative references. (Absolute and relative

references are described in Dynamically Rewriting References.) This strategy

maximizes the lifetime of a ticket.