iTP Secure WebServer System Administrator's Guide (Version 7.0)
iTP Secure WebServer System Administrator’s Guide—523346-012
11-1
11
Administering Session Identifiers for
Anonymous Sessions
This section describes how to set up the iTP Secure WebServer to use Session
Identifiers for anonymous ticketing. Topics discussed in this section include:
•
Anonymous Ticketing
•
Tracking on page 11-2
•
Ticketing and Tracking Example on page 11-2
•
Configuring for Anonymous Ticketing on page 11-4
•
Using Session Identifiers for Reporting on page 11-15
•
Using Tcl Variables for Anonymous Sessions on page 11-16
Anonymous Ticketing
Anonymous ticketing allows you to track accesses to your Web site—that is, determine
how frequently resources are accessed and by whom.
A ticket is a string of characters that uniquely identifies a user and specifies what
resources the user is permitted to access. The ticket is protected by a message
authentication code (MAC), which makes the ticket nearly impossible to duplicate or
change.
There are various formats for tickets: the iTP Secure WebServer uses a type of ticket
known as a Session Identifier.
A Session Identifier is a short string of characters preceded by two at signs (@@). For
example:
@@Fz3H78Og56kCSf2s
Encoded within this string are:
•
A message authentication code (MAC)
•
A user ID that uniquely identifies the user
•
A group ID that indicates what information the user is authorized to access
•
An expiration time signifying for how long the ticket is valid
A user acquires a ticket implicitly on the first request for a resource. Thereafter, the
Web client automatically transmits the ticket with any subsequent request. A single
ticket, therefore, can be used for multiple requests.