Re: Logging content sugestions

visit-id.  Yes, this is session id.

user-id, described-userid, and customer-id, as far as the log file is 
concerned, could all be the same.  Recognizing their differences is driven 
mostly by how the id will be used, and is mostly an issue external to the 
log file issues.  The differences, as applicable to the log file are:

the string specific to a "userid" can be totally determined by the server, 
for example, random numbers.  They need not be unique between different web 
sites.  They will never be used for anything other than associating with 
each other multiple log records that span multiple sessions at a single web 

"described userid" is a little-bit-more than "userid" because it allows 
association of demographics with users.  Again, they need not be unique 
between different web sites.  This association could be accomplished either 
by embedding the demographics in the log file (e.g., logging the cookie) or 
by having a separate file recording the demographics.  Of course, logging 
the demographic information would increase the size of the logs.  In either 
case, there is no association with the values of "described userid" beyond 
relating visits and sessions with demographics.  These associations can be 
totally managed by the server software itself.

"customer-id" implies the ability to associate the id with something 
external to the server envirionment.  They may need to be unique across 
multiple web sites.  One way of handling this could be to use the "described 
userid" facility, but include the external name as though it were one of the 
demographic attributes.

Now, all of that restated, the important issues to understand from the 
logging viewpoint are:
1. The logging file needs a mechanism to identify users,
2. The mechanism should take into account the potential different uses of 
the identification,
3. The identification tokens have different scopes of viability,
4. It would be useful, when demographic information is wanted and available, 
to have a standard way of relating that demographic information to the log 
file entries.
From: magnusm
To: Gerald L. Despain
Cc: www-logging
Subject: Re: Logging content sugestions
Date: Thursday, April 11, 1996 4:09PM

This is a response to a posting that I did not see any response to.

On Thu, 14 Mar 1996, Gerald L. Despain wrote:

> 1. In the extended log format it would be useful to allow a directive to 
specify the
> identity of the site for which the log was produced.  This would 
facilitate the
> prepartion of analysis reports on aggregations of logs from different web 

I think that including general information in the preamble of the log is
a good idea.

> 4. It would be useful to allow logging of various forms of user or session 
> including the ideas as defined in the working draft on session-id.  In 
general, there
> are the following kinds of "id" that may be available and logged:

> visit-id
> Persists only for a single session.  No other user information associated 
with the id.

Is this the session id?  It would be appropriate.

> user-id
> Persists between sessions.  Allows recognition of when the same person 
returns to the
> site.  No other user information associated with the id.
> customer-id
> Persists between sessions.  Allows the identification of the individual
> in external databases, such as a customer database.

1.  I think that user-id and customer-id can be combined into one.  If you
need a specific id for the customer database, that should fall outside of 
log.  customer-id usually fall as an inside company id and should be kept as

If you need to grab a specific customer-id, I suggest a secure link.  Either
have a log-in page or extend the cookie mechanism in order to let the client
system define a user-id and customer-id cookie for that site.  Any which
way, I think you should keep the customer-id out of the log.

2.  How are we defining a user-id.  A random number is not guaranteed to
be unique so ones has to be provided.  Is that id supposed to be site
unique or global.

> described-user-id
> Persists only for a single session.  Associates some demographic 
information with the
> user.  Does not allow for identification of any personal identification 
such as name
> or address.
> identified-user-id
> Persists between sessions.  Associates some demographic information with 
the user.
> Does not allow for identification of any personal identification such as 
name or
> address.

I believe that the information provided by *-user-id can be maintained by
the site outside of the log.  The deomgraphic information can be stored
externally and tied to the user-id.  When the log is exported, the
user-id can be replaced by or augmented with the demographic
information.  The idea is for the site to ask "if the user would like to
give demographic info" once for an unknown user-id  and not do it under
the table.


Magnus Mengelbier                  tel.     Sweden + (0)40-29 39 12
Mathematical Statistics            e-mail  magnusm@maths.lth.se
Lund University, Sweden                    magnusm@ibm.net