Trapping USERIDs

[sjpistolesi]

HTML or JAVA or ...? I wonder if there is a simple way to trap "visitor's" userids and save them to a file, behind the scenes?

A client of mine is curious at to who is "dropping by" her site ... this has nothing to do with wanting to get back to the browsing individual, just simply curiosity as to who is coming in and viewing the pages.

Thanks,
Sandy

 

[manitoba]

Not sure what you mean by USERIDs. The most you can get is:

1. Type of browser (user-agent) which looks like:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

2. IP address which looks like: 129.42.19.99

3. If the user clicked a hyperlink to get to your site, then you can get the URL of the page the user clicked from. This is called referrer URL.

User can get this data if:

1. you are using scripts like ASP or PHP to build your site.

2. Use a service like:

http://extreme-dm.com/tracking/

3. Or a reporting tool that analyzes your Web Server logs like:

http://www.netiq.com/webtrends/default.asp

Hope this helps.

 

[sjpistolesi]

Thanks, Manitoba, But that is not what she wants ... counters and analyzers I mean that small business apps report.

She wants to know, specifically, "who" stops by.

Appreciate your time, Sandy

 

[simonchristieis]

To save details on your server you will need to have permissions for that server, therefore need server side code.

My field is asp, using this you can find this information from clients:

ALL_HTTP are all HTTP headers sent by the client.

ALL_RAW retrieves all headers in the raw-form.

APPL_MD_PATH retrieves the metabase path.

APPL_PHYSICAL_PATH retrieves the physical path corresponding to the metabase path.

AUTH_PASSWORD is the value entered in the client's authentication dialog.

AUTH_TYPE is the authentication method that the server uses to validate users.

AUTH_USER is the raw authenticated user name.

CERT_COOKIE is an unique ID for client certificate which is returned as a string.

CERT_FLAGS is where bit0 is set to 1 if the client certificate is present, and bit1 is set to 1 if the certifying authority of the client certificate is invalid.

CERT_ISSUER is the issuer field of the client certificate.

CERT_KEYSIZE is the number of bits in Secure Sockets Layer connection key size.

CERT_SECRETKEYSIZE is the number of bits in the server certificate private key.

CERT_SERIALNUMBER is the serial number field of the client certificate.

CERT_SERVER_ISSUER is the issuer field of the server certificate.

CERT_SERVER_SUBJECT is the subject field of the server certificate.

CERT_SUBJECT is the subject field of the client certificate.

CONTENT_LENGTH is the length of the content header as sent by the client.

CONTENT_TYPE is the data type of the content.

GATEWAY_INTERFACE is the revision of the CGI specification used by the server.

HTTP_<HeaderName> is the value stored in the header HeaderName.

HTTP_ACCEPT returns the value of the Accept header.

HTTP_ACCEPT_ENCODING returns the value of the Accept encoding.

HTTP_ACCEPT_LANGUAGE returns a string that specifies the language to be used for displaying content.

HTTP_CONNECTION returns a string containing information about the connection.

HTTP_COOKIE returns the cookie string that was included with the request.

HTTP_HOST returns a string containing information about the host.

HTTP_REFERER returns a string containing the original URL when a redirect has occurred.

HTTP_USER_AGENT returns a string describing the browser used to send the request.

HTTP_UA_PIXELS returns a string detailing the screen resolution of the user agent.

HTTP_UA_COLOR returns a string with color information.

HTTP_UA_OS returns a string stating the operating system of the user agent.

HTTP_UA_CPU returns a string stating the processor type used by the user agent.

HTTPS returns ON if the request came in through secure channel or OFF if the request is through a non-secure channel.

HTTPS_KEYSIZE is the number of bits in Secure Sockets Layer (SSL) connection key size.

HTTPS_SECRETKEYSIZE is the number of bits in server certificate private key.

HTTPS_SERVER_ISSUER is the issuer field of the server certificate.

HTTPS_SERVER_SUBJECT is the subject field of the server certificate.

INSTANCE_ID is the ID for the Internet Information Server (IIS) instance in text format.

INSTANCE_META_PATH is the metabase path for the instance of Internet Information Server (IIS) that responds to the request.

LOCAL_ADDR returns the server address on which the request came in.

LOGON_USER is the Windows account that the user is logged into.

PATH_INFO is extra path information as given by the client.

PATH_TRANSLATED is a translated version of PATH_INFO that takes the path and performs any necessary virtual-to-physical mapping.

QUERY_STRING is the query information stored in the string following the question mark (?) in the HTTP request.

REMOTE_ADDR is the Internet Protocol (IP) address of the remote host making the request.

REMOTE_HOST is the name of the host making the request.

REMOTE_USER is an unmapped user-name string sent in by the user.

REQUEST_METHOD is the method used to make the request.

SCRIPT_NAME is the virtual path to the calling script.

SERVER_NAME is the server's host name, Domain Name Server (DNS) alias, or Internet Protocol (IP) address.

SERVER_PORT is the port number to which the request was sent.

SERVER_PORT_SECURE is a string that contain a 1 if the request is being handled on the secure port, otherwise it is 0.

SERVER_PROTOCOL is the name and revision of the request information protocol.

SERVER_SOFTWARE is the name and version of the server software that answers the request and runs the gateway.

URL is the base portion of the URL.


these are known as the servervariables collection

Good luck

 

[tviman]

Be careful with how you go about doing this. A lot of browsers don't send referrer info. Additionally, if you could trap &quot;userid's&quot; (which you can't do with HTML), it would be meaningless unless it was an ID issued by your client's web site. If your client is so intent on knowing who is visiting her site, why not be up-front about it and ask?

I also wonder if there isn't a bigger issue involved here. A large part of the attraction of the Internet is that users can remain fairly annonymous. Trapping a surfer's userid negates this and seems to have a slightly sinister ring to it. And with spam being what it is and identity theft becoming the most profitable crime ever committed, I have to ask myself what happens to this info after your client is through with it.




There's always a better way. The fun is trying to find it!

 

[sjpistolesi]

Not to worry tviman. I am well &quot;seasoned&quot; in the issues.

This has nothing to do with cyber-crime or hacking ...
My client is simply curious to know if certain other hobbyists in her field of interest are dropping by {smile}. She wouldn't want to know any more than &quot;LOGON_USER&quot; mentioned by simonchristieis, above.

Cheers, Sandy