User Session Tracking

part of the ArsDigita Community System by Philip Greenspun and Tracy Adams

What we said in the book

(where "the book" = Philip and Alex's Guide to Web Publishing)

In many areas of a community site, we will want to distinguish "new since your last visit" content from "the stuff that you've already seen" content. The obvious implementation of storing a single last_visit column is inadequate. Suppose that a user arrives at the site and the ACS sets the last_visit column to the current date and time. HTTP is a stateless protocol. If the user clicks to visit a discussion forum, the ACS queries the users table and finds that the last visit was 3 seconds ago. Consequently, none of the content will be highlighted as new.

The ACS stores last_visit and second_to_last_visit columns. We take advantage of the AOLserver filter facility to specify a Tcl program that runs before every request is served. The program does the following:

IF a request comes with a user_id cookie, but the last_visit cookie is either not present or more than one day old, THEN the filter proc augments the AOLserver output headers with a persistent (expires in year 2010) set-cookie of last_visit to the current time (HTTP format). It also grabs an Oracle connection, and sets
last_visit = sysdate, 
second_to_last_visit = last_visit
We set a persistent second_to_last_visit cookie with the last_visit time, either from the last_visit cookie or, if that wasn't present, with the value we just put into the second_to_last_visit column of the database.
We do something similar for non-registered users, using pure browser cookies rather than the database.

Stuff that we've added since

A lot of customers wanted to know the total number of user sessions, the number of repeat sessions, and how this was evolving over time. So we added:


last_visit cookie present? log a session log repeat session update last_visit cookie update second_to_last_visit_cookie
Yes Yes if date - last_visit > LastVisitExpiration Yes if date - last_visit > LastVisitExpiration Yes if date - last_visit > LastVisitUpdateInterval Yes if date - last_visit > LastVisitExpiration
No Yes if the IP address has not been seen in the LastVisitCacheUpdateInterval seconds No Yes if the IP address has not been seen in the LastVisitCacheUpdateInterval seconds No

Upon login, a repeat session (but not an extra session) is logged if the second_to_last_visit is not present. Logic: The user is a repeat user since they are logging in instead of registering. He either lost his cookies or is using a different browser. On the first page load, the last_visit cookie is set and a session is recorded. When the user logs in, we learn that he is a repeat visiter and log the repeat session. (If the user was only missing a user_id cookie, both the last_visit and second_to_last_visit cookies would been updated on the initial hit.)