The systems being implemented, by companies like IPRO (http://www.ipro.com/)
and content providers like PathFinder (http://www.pathfinder.com/) are
fatally flawed. They create a unique session ID when a user touches their
home page that gets encoded between the hostname and the path/file in the URL
(in the case of pathfinder), and that session ID stays with you throughout
your journey through the site. Of course, this session ID also stays with me
if I save a hotlist reference to a page beyond the home page, or if I cut and
paste the URL and mail it around to my friends. In the latter case, if I'm
given the session ID of "KJHFJHDSF", then all my friends go visit that page,
they'll all see accesses under session-ID "KJHFJHDSF". This system also
destroys caching of documents, both local disk and proxy caches. I told
this much to a reporter at MediaWeek last week.
There is definitely a demand for this kind of information, and it would
help make professional web sites more responsive to what really works and
what doesn't - and this is also information that current web logs
and the HTTP protocol really can't provide. However, any proposed
solution *must* protect the anonymity of the user, for it's not really
necessary to lose that when all that's cared about is unique sessions.
So, I'd like to propose for discussion a new HTTP header (hi Roy!) called
"Session-ID". This would be optional, of course, and it would change any
time the browser is restarted (or when the user wished). It would
consist of a string of 32 random base 64 characters (or whatever encoding
is allowed in headers). It would allow the content provider to see the
"path" one takes through his system, even when two separate requests are
interlacing through a proxy server (HotWired would often get 5
individuals hitting it from antares.prodigy.com at the same time),
without requiring user authentication or divulging of any personal
information. The "From:" header would also work, but it would give away
information that most would probably prefer not to give.
The only flaw is that the session-ID is temporary and can't be used to
determine if 50 sessions are 5 people visiting you 10 times, or 50 people
visiting you once. An analysis of domains can help with that though.
Comments? I'd obviously like to try implementing this, maybe it's time
to learn elisp..... :)
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/