Thanks, Paul and Cosimo. That module is just what I was looking for. Logging the note instead of the cookie is probably better for what we're doing.
On Fri, Oct 2, 2009 at 6:56 AM, Paul Silevitch <p...@silevitch.com> wrote: > You can use apache's custom log ( > http://httpd.apache.org/docs/2.0/mod/mod_log_config.html) to log cookie > values into the access logs: > > %...{Foobar}C The contents of cookie Foobar in the request sent to the > server. > > The above will not log a value for the first request by a new visitor > (since the cookie hasn't been set yet). Instead, create a note that gets > set on every request in your handler and log that: > > %...{Foobar}n The contents of note Foobar from another module. > > HTH, > > Paul > > > > On Fri, Oct 2, 2009 at 2:21 AM, Douglas Sims <ratsb...@gmail.com> wrote: > >> >> We've just launched the first mod_perl site I've ever designed. It's all >> going very well so far but I'm sure there are some things worth improving. >> I wonder if anyone might have suggestions about this scenario: >> >> I want to add the session id to the access log entries. This example: >> http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlLogHandlershows >> how to write to a different logfile but I want to write to whatever >> would be the normal access log for whatever VirtualHost it's in. We've >> only got a PerlResponseHandler now but I think this should probably go in a >> PerlLogHander. What's the best way to go about this? >> >> We're very interested in tracking long-term user browsing behavior and so >> we set one persistent cookie with a session key at each request if there's >> no cookie or if the existing cookie is obsolete (user logged in, logged out, >> more than 1 hour since last access, 12 since last visit, IP changed, or user >> agent changed.) If, when a new session id is created there is an existing >> (but obsolete) session cookie then the obsolete one is stored in the >> sessions table as the previous session key. >> >> I've tried to follow the philosophy that Randal Schwartz described in a >> recent thread here - a cookie is just a serial number for a browser. By >> rotating the cookies often we're hoping to avoid problems with stolen or >> leaked sessions and by storing the previous session id (if there is one) >> with every new session we're planning to be able to build a linked list of >> session activity which we can correlate with specific users who log in at >> any part of that linked list. >> >> >> >> >
