This is just a quick follow up to yesterday's post on the session logging demo I showed.
First - David Crowther mentioned that I could cut two database queries down to one by just doing the insert in the onSessionEnd method. I don't think this is such a big deal - but it does make things a bit simpler so I made the change.
Next - Geoff made a good point. He asked if I was sure session.urltoken was unique over system reboots. Using J2EE sessions I'm pretty darn sure it is - but why take chances when ColdFusion makes it so easy to create a unique ID with createUUID()?
For these new suggestions I added three new session variables (id, entrypage, and entrytime), and you can find the code in the Download.
I also wanted to mention something else. When creating your reports, it may be useful to create a simple function to show nicer names for the URLs. So for example, your code could translate /company/about.cfm to "About our Company". It could translate /company/news.cfm?id=45 to "News: Adobe buys Microsoft". This will create reports that are much easier to read.
Thanks to David and Geoff for the good ideas!
Archived Comments
one of my projects has been doing something similar to this for awhile now since they use a framework, its often hard to get reports out of webtrends and the like without some extra effort (since everything goes through index).
Another interesting side effect of doing this tracking is the ability to add a field to capture IP address and maybe a message or a utility key field. At that point you can also use the same tracking for some ancillary security work and reporting. An example would be to use this information to drive a 3 bad logins and lock them out for x minutes etc.
WooHoo!
Thanks Ray.
now that the database is only updated when the session ends, I need a better way to end the session than I'm using. What is the proper way to end the session so all this logging stuff happens properly when the user "logs out" or closes the browser? seems like my sessions are only ending by timing out
when you're users log out fire off the onSessionEnd(). As for the closing browser part, theres a few snippets of scripts out there to try and catch that as well, though each has downsides. myself, I've never found one that was completely accurate and wonderful for catching people who just close the browser while logged in or navigate away... but I've also haven't had a real need to solve the problem either. lemme know what you guys do :D
DK - you might not want to do that. FOr example, imagine a site that lets you do some stuff not logged in, some stuff logged in. Just because you logout doesn't mean you leave. You may browse some more. If I wanted to care JUST about people logged in, I wouldn't use onSessionStart/End at all. It is too ripe for confusion.
If you use CreateUUID()for sessionid instead of the webserver's sessionID will you be able to find the entries in the webserver log file if you wanted to?
By webserver do you mean CF server? I don't think CF logs the session ID anywhere.
I mean IIS in my case
= =
DK - you might not want to do that. FOr example, imagine a site that lets you do some stuff not logged in, some stuff logged in. Just because you logout doesn't mean you leave. You may browse some more. If I wanted to care JUST about people logged in, I wouldn't use onSessionStart/End at all. It is too ripe for confusion.
= =
yeah sorry, I was thinking of how one of my clients implemented it, which was tracking logged in user trends only. my bad :D
I think this code is breaking my flash remoting calls in an application I'm developing:
<cffunction name="onRequest" returnType="void">
<cfargument name="thePage" type="string" required="true">
<cfinclude template="#arguments.thePage#">
</cffunction>
I didn't see it in the first version...
It does. There is a workaround that Sean Corfield created. I have 2 seconds now so I can't post, but if no one else does, I'll be back in 3 hours.
Read the comment at the bottom of the livedocs:
http://livedocs.macromedia....
thanks for the quick response (way under 3 hours!) but I guess my first question should have been... why do I need the onrequest method in my application.cfc? (in particular, what is it doing for my tracking of session metrics?)
Err, you don't. The use of onRequest was not part of this blog series. I used onRequestStart.
ok, I've got this working pretty well but I have to call the cfc method that saves the data in two places. I have a logout page that will save their session info if they click the logout link, and I also have the same call in Application.cfc in the onSessionEnd() method in case they don't click the logout link. It seems rather inelegant. I can't directly call an application.cfc method like <cfset onSessionEnd()> from my logout page, right? maybe I should do something in the onRequestStart/End() methods sort of like the url.reinit running onApplicationStart()? (by the way, the captcha I have to type in is "oaf" not sure if your blog is getting to know me...
Michael - I'd argue that my code isn't meant to be "sessions" as in login sessions, but the more generic CF session. Just because you log off it doesn't mean you leave the site, especially on sites that have a mix of public and private content.
But anyway - if you want to do a set of things on logout and have it be the _same_ as a 'real' session timeout, make a new method, and have onRequestStart note the logout and call the new method, and have onSessionEnd do the same. Don't forget though that you can't output or DIRECTLY use session.foo in onSesionEnd, and that would apply to this new method you can as well.
I am trying to capture the time a user is on the actual site. I tried using onSessionEnd in my application.cfc but that just drops in the time of the actual last click variable I set and when the session times out. I don't capture the actual time the person left the site. I don't want to use short timeout values because the site has some very long pages to read and someone could spend 30 minutes on the page. Is there a way to have a hidden layer or graphic that keeps an open connection with the browser and the server so I can use short timeout values and not worry about the person just sitting there on one page reading? I also need to make sure whatever method is the most browser friendly and as unnoticeable by the user as possible. Thanks!