dcsimg

Session Tracking With Apache Page 2

By Martin Brown (Send Email)
Posted May 11, 2005


Adding mod_usertrack to Your Apache Installation

The mod_usertrack module is not part of the standard Apache installation, so to use it you must first add the module to your installation. If you are using a dynamic version of Apache, reconfigure your Apache installation (using configure) and add the --enable-usertrack=shared to the configuration command line. Then, rebuild Apache and copy the module to the modules directory within the installed Apache directory. Finally, edit your httpd.conf file to load the new module:

Table of Contents
Tracking Progress
Adding mod_usertrack to Your Apache Installation
Enabling Tracking
Choosing an Expiry Time
Configuring the Log
Analyzing the Results
Dynamic Solutions
The Performance Trade Off

LoadModule usertrack_module modules/mod_usertrack.so

For a static installation, rebuild your Apache executable (again using configure, but after that use the --enable-usertrack option). Because the module is built into the new executable, you don't need to specifically load the module through the configuration file.

With both solutions, be sure to restart Apache, which is best done with apachectl:

$ apachectl restart

Once everything is up and running, you should be able to go ahead with the next section of the configuration. To double check that the new module is correctly installed in the Apache installation, use the -L option (which lists available directives) to httpd and look for the cookie-tracking directive:

./bin/httpd -L|grep CookieTracking
CookieTracking (mod_usertrack.c)

Enabling Tracking

Tracking is turned on both globally and on a per-server or directory basis by adding the appropriate directives to the configuration file. The main directive is CookieTracking, which accepts one parameter either "on" or "off." The default is off.

The mod_usertrack module uses cookies, and for security, cookies are configured to be active only within a limited domain — this limitation means cookies are provided only to servers within that domain. For example, if you configure a cookie to exist within mcslp.com, your browser will send the cookie only to hosts within that domain. If you are using a single Web server, you'll probably want to specify only that host's name. For a site that employs multiple hosts, perhaps hiding behind the same host address, you must explicitly state the cookie's domain (and remember to specify a leading period to indicate hosts within the domain, rather than a single host). The CookieDomain directive is used to define the domain in which the cookie should be activated; the default is to use just the current host.

The CookieName directive configures the name of the cookie that will be stored. Because multiple cookies can be active for a given domain, a range of names is necessary to enable identification. In general, the name used should be as descriptive as possible (e.g., MCSLP Tracker).

The final configuration for a directory will look something like:

<Directory "/export/http/webs/com.mcslp">

CookieTracking on
CookieName "MCSLP Intranet"
CookieDomain .mcslp.com
                
</Directory>

>> Expiry Times, Configuration, Analysis

Page 2 of 4


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.