About the User Tracking Feature for Solution Sites
Users of a Web site are classified by user type and access type, and tracked through the use of a unique user ID (anonymous and authenticated users only). Profiles may be associated with users depending on site configuration settings. When a user visits a page, the GetUserInfo subroutine in the file include\setupenv.asp retrieves the user ID and sets the user type and access type. This information is used to determine whether page access is allowed. For more information about page access, see Authentication. The user ID is written to the Web server log file and used to identify the user by the Commerce Server Business Analytics System.
The following table lists the user types. This value is stored in the m_UserType variable.
User Type | Value | Description |
---|---|---|
ANON_USER | 1 | An anonymous user. The user is unidentified, does not have a ticket, and is not tracked (is not recognized on return visits). |
GUEST_USER | 2 | An anonymous user. The user has not registered but has a GUEST_TICKET. The user may or may not have a profile depending on site options. The user is tracked during the current session and, if cookies are enabled on the client and the site, the user is tracked between sessions. |
AUTH_USER | 4 | An authenticated user. The user is registered, authenticated (access type equals either IIS_AUTH or TICKET_AUTH), and is tracked. |
The following table lists the access types. This value is stored in the m_UserAccessType variable.
Access Type | Value | Description |
---|---|---|
GUEST_VISIT | 1 | A visit by a GUEST_USER authenticated using the AuthManager object and a GUEST_TICKET. |
IIS_AUTH | 2 | A visit by an AUTH_USER authenticated to Internet Information Services (i_FormLoginOptions = USE_IIS_AUTH) using either Basic or Integrated Windows authentication. |
TICKET_AUTH | 3 | A visit by an AUTH_USER authenticated using the AuthManager object and an AUTH_TICKET. |
ANON_VISIT | 5 | A visit by an ANON_USER. |
The Retail site stores the user ID in a ticket, which is a set of property name/value pairs placed in a cookie (if cookies are enabled on the client and the site) or a URL query string (URL mode). The user ID is also stored in the profile of the user if profiling is enabled. For more information about tickets, see Authentication Tickets.
The following table lists the two ticket types, their values, the ticket names (cookie/URL key name), and the constants defined for the ticket names.
Type | Value | Name | Name Constant | Description |
---|---|---|---|---|
GUEST_TICKET | 1 | MSCSProfile | GUEST_TICKET_NAME | A ticket for an anonymous user, which contains a unique user ID. |
AUTH_TICKET | 2 | MSCSAuth | AUTH_TICKET_NAME | A ticket for an authenticated user, which contains a unique user ID, the last login time for the user, and a time window of validity. |
The user ID is written to the Web server log file either as part of the cookie or the URL query string. The Commerce Server Business Analytics System retrieves the user ID from the cookie when the Web log file is imported by the Web server log file Data Transformation Service (DTS) task. If URL mode is enabled, users may not be correctly identified and several Analysis reports may be incorrect. A PERL script is available that pre-processes the Web log file so that the user ID is correctly imported when using URL mode. For more information about obtaining the PERL script, see the Commerce Server Web site.
The following table lists the constants, used for the iSiteTicketOptions property of the App Default Config resource, that determine whether the site uses cookie or URL mode to store the ticket. If the site is set to use cookie mode but cookies are disabled on the client, the site uses URL mode.
Type | Value | Description |
---|---|---|
PUT_TICKET_IN_URL | 1 | Uses URL mode. |
PUT_TICKET_IN_COOKIE | 2 | Uses cookie mode. |
The following table lists the constants that determine where the AuthManager object places the ticket.
Type | Value | Description |
---|---|---|
WRITE_TICKET_TO_COOKIE | -1 | Writes the ticket to a cookie. |
WRITE_TICKET_TO_URL | 0 | Writes the ticket to a URL query string. |
The previous constants are defined in the AppConsts 1.0 Type Library.
The Supplier site uses Internet Information Services (IIS) authentication. In this mode, the user name is stored in the AUTH_USER variable of the ServerVariables collection of the Request object. The user name is used to retrieve the profile of the user, which contains the user ID.
Initialization
Initialization for the User Tracking feature occurs in the following file:
include\setupenv.asp
This file calls the GetAuthManagerObject function in the include\std_access_lib.asp file to create the AuthManager object, which is used to set and retrieve the tickets in the Retail site.
Browse Time
The following files are used for User Tracking:
login\_guest.asp
login\login.asp
login\newuser.asp
The ticket is set into either a cookie or a URL query string by routines in these files and by the EnsureAccess subroutine.
include\std_access_lib.asp
The user ID is retrieved from the ticket or the ServerVariables collection by the GetUserInfo subroutine in this file. If the user has both a GUEST_TICKET and an AUTH_TICKET, the AUTH_TICKET takes precedence.
include\std_url_lib.asp
The ticket location is retrieved by the GetTicketLocation function in this file.
See Also
About the Profiles Feature for Solution Sites
Page-Level Access Control for Solution Sites
About the Login Feature for Solution sites
Copyright © 2005 Microsoft Corporation.
All rights reserved.