[Webware-discuss] Re: Using HTTP Basic Authentication (without the dialog box!)

Peter Lyons Thu, 12 Jun 2003 19:29:53 -0700

Is it possible to configure Apache to log the "Cookie" headers? If you can get the session IDs from the request Cookie headers into the logs, you've got a shot. What you would need to do is keep a separate record of when each session begins and ends, and who the user was. This is to account for the fact that session IDs can be re-used across time. Then you can later run a batch process to cross correlate between the datestamp and session ID in the apache logs against the date interval, session ID, and username in your custom log, perhaps creating a version of the apache log that has the username swapped in for the session id like your example.

Pete

P.S. if you have a significant number of users refusing session cookies and storing them in the URLs, you would need to try to configure apache to log those as well, and enhance your munger script accordingly.


David Hancock wrote:
If you're wondering why this is important... We'd like to know when our
users are active via the Apache access_log, and we want to use log analysis
tools (such as Webtrends) to examine user paths through the site, exit
points, etc.  If we could just replace the second hyphen in the Apache log
line with the userid (example shown below, userid is oncall)

fwl03anp.xax.net - oncall [08/Jun/2003:20:00:15 +0000]...

-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss

[Webware-discuss] Re: Using HTTP Basic Authentication (without the dialog box!)

Reply via email to