Apache/2.0.54 mod_usertrack cookies

on 17.11.2005 09:24:01 by rafamiga

Well, I have a problem with mod_usertrack. Generally it works. The logs
are cool and I can track user's activity, clickstreams, all this
marketing stuff. But of course, some IE problems kick in.

Let's say I have a virtualhost set under foo.bar domain. My setup is:

CookieTracking on
CookieStyle Cookie
CookieExpires "2 weeks"
CookieDomain .foo.bar
CustomLog /var/log/apache2/cookie-track.log "%{cookie}n %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
CookieName FOO_BAR

OK. The users are being tracked and there are no problems. But it
tracks only the users' sessions. The cookie is not persistent when the
client uses a typical IE6 environment -- the one with default cookie
settings. And my goal is to track the clients themselves, not only their
sessions.

The responses I get from Apache are like this:

HTTP/1.1 200 OK
Date: Wed, 16 Nov 2005 10:03:01 GMT
Server: Apache/2.0.54
Set-Cookie: FOO_BAR=123.45.67.89.1132135381683768; path=/; max-age=1209600
Set-Cookie: FOOBARSess=5ff49d16c1208a67abb09fac15abae70; path=/; domain=.foo.bar
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 3329
Connection: close

The PHP session is a temporary cookie because it does not have an
expiration date on it and it dies as soon as the client closes the browser.
That's cool and we all need this. My FOOBAR cookie has a "max-age="
property which, theoretically, should make this cookie persistent. It
does -- when the client uses Mozilla/FF. On IE it's as temporary as the PHP
session's cookie. Here's another example:

HTTP/1.1 200 OK
Date: Wed, 16 Nov 2005 10:06:25 GMT
Server: Apache/2.0.54
Set-Cookie: FOO_BAR=123.45.67.78.1132135585427411; path=/; max-age=1209600
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: FOOBARjs=123.45.67.89-1132135585-420639; expires=Tue, 12 Aug 2008 10:06:25 GMT; path=/; domain=.foo.bar
Content-Length: 35
Connection: close
Content-Type: image/gif

These are the headers sent to the client when requesting a 1-px transparent
gif used by a DIY tracking PHP script. Now, surprise surprise, IE
treats the FOOBARjs cookie as a persistent cookie. It DOES get written to
disk and shows up after the client re-opens the browser.

So what's the problem with Apache's cookie? Generally it does not
matter whether domain=.foo.bar is present in the header or not. The only
difference is that the DIY cookie [and generally PHP cookies] have an
"expires=" property and Apache's have "max-age=" which, in theory,
should be treated equally. At least Mozilla does it this way -- it does
store both cookies. Default IE6 installations do not.

Apache cannot be set to make mod_usertrack use "expires=" cookie
syntax, only "max-age=" syntax is supported. Is this the reason for IE
failing to accept Apache's cookie for two weeks [1209600 seconds]?

Advice is most welcome.

--
rafamiga
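
The Set-Cookie headers quoted in the post, run through a small parser, as an added example that is not part of the original post. It models two clients, one that honors "max-age=" and one that reads only "expires=" (an assumption chosen to match the IE6 behaviour the post reports), and computes how long each would keep every cookie; NOW, lifetime and report are names made up for the example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Set-Cookie values quoted in the post, with the wrapped lines joined.
HEADERS = [
    "FOO_BAR=123.45.67.89.1132135381683768; path=/; max-age=1209600",
    "FOOBARSess=5ff49d16c1208a67abb09fac15abae70; path=/; domain=.foo.bar",
    "FOOBARjs=123.45.67.89-1132135585-420639; "
    "expires=Tue, 12 Aug 2008 10:06:25 GMT; path=/; domain=.foo.bar",
]
# Assumed receive time: the Date header of the second response in the post.
NOW = datetime(2005, 11, 16, 10, 6, 25, tzinfo=timezone.utc)

def parse_set_cookie(value):
    """Return (name, attrs); attribute names are lowercased."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime(attrs, now, honors_max_age):
    """Seconds the cookie outlives `now`; None means session-only."""
    if honors_max_age and "max-age" in attrs:
        try:
            return max(int(attrs["max-age"]), 0)
        except ValueError:
            pass  # malformed max-age: fall back to expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: treated as a session cookie
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return max(int((when - now).total_seconds()), 0)
    return None

def report(headers, now, honors_max_age):
    """Map cookie name -> lifetime for one modelled client."""
    return {name: lifetime(attrs, now, honors_max_age)
            for name, attrs in map(parse_set_cookie, headers)}

if __name__ == "__main__":
    for label, flag in (("honors max-age", True), ("expires only", False)):
        print(label, report(HEADERS, NOW, flag))
```

For the expires-only client, FOO_BAR comes out as session-only while FOOBARjs keeps its 1000-day lifetime, which is the split between the two cookies described in the post.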