Session Tracking

Session tracking is used to record user actions on a website. Events such as clicks or filling out a form are treated as sequences, and are summarized into a session to be able to record them as individual clients.

The communication between the server and client is always stateless in the Internet. This means that the HTTP protocol used treats each request, such as calling up a website, individually, and responds to it. To be able to assign a user as a client that poses multiple requests to the server, tracking is necessary to assign these many requests.^[1] This occurs through the exchange of additional data between the server and client.

Advantages and Benefits

Session tracking creates a virtual state. The individual user is assigned with the aid of a session ID. All actions carried out by the user belong to this ID. They can follow a link, place products in the shopping cart or fill out forms - the entered data are treated as a state and are available throughout the entire session. This increases the user experience and ensures that personal data are not transferred to the server. Only the session ID is exchanged between the server and client.

Moreover: A session normally lasts a certain amount of time that is defined during the implementation of the session tracking. All data is saved on the client side and only kept for this period of time. As soon as a session ends, the data will expire.

Session tracking is frequently used for online shops: if users enter data via a form, or add products to a shopping cart, it is helpful for the online shop if the client saves this data for later use.

Session tracking is also often used in affiliate networks: If a user clicks on a banner and visits another website in the meantime, the [Session-ID]] may be helpful later during the purchase of a product. It can be used to determine which affiliate was the cause for the purchase to correctly assign the commission.

Implementation

There are four possible ways of implementing session tracking.^[2]

Cookies

Cookies are the most popular method of implementing session tracking. In the following example, a session ID is generated and associated with user data in the form of a table (hashmap). After this, all data belonging to the session ID (SessionInfo) can be imported. The cookie acts as a mediator between user data and session ID. It can be referenced in regards to multiple sessions (persistent) or deleted after a session (non-persistent). The example shows a non-persistent cookie.^[3]

String sessionID = makeUniqueString();
HashMap sessionInfo = new HashMap();
HashMap globalTable = findTableStoringSessions();
globalTable.put(sessionID, sessionInfo);
Cookie sessionCookie = new Cookie("JSESSIONID", sessionID);
sessionCookie.setPath("/");
response.addCookie(sessionCookie)

Hidden Form Field

Hidden fields in the HTML code can also be used to insert session tracking for certain URLs. The parameters of these fields are then automatically read into the GET-Parameter and POST-data of the server when called up. However, hidden fields are connected to dynamically created websites so that this method is only recommended for certain types of websites, for example, checkout pages.^[4]

<INPUT TYPE="HIDDEN" NAME="session" VALUE="1234">

URL Rewriting

With this approach, each URL that the user accesses is amended by a parameter. The parameter acts as a session ID and the server associates this with the available user data.

http://www.beispielseite/pfad/datei.html;jsessionid=a1234

The last part of the URL ";jsessionid=a1234“ identifies the user with the session ID a1234. Problematic with this approach is the fact that all URLs have to be created dynamically, as with hidden fields. The URL rewriting for session tracking can therefore not be used on static websites.^[5] Furthermore, session-Hijacking may occur during URL rewriting.^[6]

HTTP Session

Session tracking can also be realized with the aid of the HTTP session API from Java. An object is created here within the HTTP environment with the aid of web containers and Servlets and can be addressed, saved or modified through different methods. The API offers all tools that are required for working session tracking.^[7]

HttpSession session = request.getSession();
synchronized(session) {
SomeClass value =
(SomeClass)session.getAttribute("someID");
if (value == null) {
value = new SomeClass(...);
}
doSomethingWith(value);
session.setAttribute("someID", value);
}

HTTP session tracking is either based on cookies or the URL rewriting. In the last case, changes to the URLs are required to forward state information about a requested URL.

Free Providers

The following web analysis tools providers (also) use session tracking to record and evaluate user actions. The providers are free of charge. Nevertheless, usage is often connected with data from the website having to be available to the system - therefore saved externally.

Google Analytics: The providers used most in the area of web analysis
Piwik: In the German-speaking region, the most well-known free web analysis software after Google Analytics.^[8]
eAnalytics: An open source software for private people and companies that can be customized to individual needs.
Open Web Analytics: open source software that also harmonizes with WordPress and MediaWiki.

Significance for web analysis

Session tracking is a standard in web analysis and has a few advantages compared to other methods. In contrast to this, the Application on mobile devices is not possible with this type of web tracking. In light of the increasing usage of mobile end devices in e-commerce, session tracking only covers a portion of the interactions and can therefore only be conditionally observed as an accurate database for comprehensive web analysis.

As with other tracking models, data privacy aspects must be considered. All personal data must be masked or separated from the user data. The user's consent must also be obtained under certain conditions. For example, if session tracking is only a part of the tracking and the IP address is additionally called up and saved.^[9]

Itemization

↑ Session Tracking pdf.coreservlets.com. Accessed on 15 Dec 2014
↑ Session Tracking java-programming.info. Accessed on 15 Dec 2014
↑ Session Tracking pdf.coreservlets.com. Accessed on 15 Dec 2014
↑ Servlets - Session Tracking tutorialspoint.com. Accessed on 15 Dec 2014
↑ A Fast Introduction to Basic Servlet Programming informit.com. Accessed on 15 Dec 2014
↑ A Fast Introduction to Basic Servlet Programming informit.com. Accessed on 15 Dec 2014
↑ Session Tracking java-programming.info. Accessed on 15 Dec 2014
↑ Piwik piwik.org. Accessed on 15 Dec 2014
↑ Whitepaper Webanalyse und Datenschutz bvdw.org. Accessed on 15 Dec 2014

Web Links

[1] Session Tracking pdf.coreservlets.com. Accessed on 15 Dec 2014

[2] Session Tracking java-programming.info. Accessed on 15 Dec 2014

[3] Session Tracking pdf.coreservlets.com. Accessed on 15 Dec 2014

[4] Servlets - Session Tracking tutorialspoint.com. Accessed on 15 Dec 2014

[5] A Fast Introduction to Basic Servlet Programming informit.com. Accessed on 15 Dec 2014

[6] A Fast Introduction to Basic Servlet Programming informit.com. Accessed on 15 Dec 2014

[7] Session Tracking java-programming.info. Accessed on 15 Dec 2014

[8] Piwik piwik.org. Accessed on 15 Dec 2014

[9] Whitepaper Webanalyse und Datenschutz bvdw.org. Accessed on 15 Dec 2014

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]