//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
=== How profile tracking works
In this section you will learn how Apache Unomi keeps track of visitors.
==== Steps
1. A visitor comes to a website
2. The web server resolves a previous request session ID if it exists; if it doesn't, it creates a new session ID
3. A request to Apache Unomi's /cxs/context.json servlet is made, passing the web server session ID as a query parameter
4. Unomi uses the session ID and tries to load an existing session; if none is found, a new session is created with the
ID passed by the web server
5. If a session was found, the profile ID is extracted from the session, and if it is not found, Unomi looks for a cookie
called `context-profile-id` to read the profile ID. If no profile ID is found or if the session didn't exist, a new
profile ID is created by Apache Unomi
6. If the profile ID existed, the corresponding profile is loaded by Apache Unomi, otherwise a new profile is created
7. If events were passed along with the request to the context.json endpoint, they are processed against the profile
8. The updated profile is sent back as a response to the context.json request. Along with the response

It is important to note that the profile ID is always server-generated. Injecting a custom cookie with an invalid
profile ID will result in failure to load the profile. Profile IDs are UUIDs, which makes them (pretty) safe from
brute-forcing.
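
The resolution order in steps 4 to 6 and the forged-cookie behaviour noted above, as an added Python sketch (not Apache Unomi code). `TrackerModel`, `is_uuid` and the in-memory dictionaries are hypothetical names, and the model assumes that a cookie value which is not a well-formed UUID already known to the store is discarded and replaced with a freshly generated ID.

```python
import uuid

COOKIE = "context-profile-id"  # cookie name from step 5


def is_uuid(value):
    """True only for a canonical, hyphenated UUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (TypeError, ValueError, AttributeError):
        return False


class TrackerModel:
    """Toy in-memory model of steps 2 to 8 (hypothetical, for illustration)."""

    def __init__(self):
        self.sessions = {}  # session ID -> profile ID
        self.profiles = {}  # profile ID -> profile record

    def _new_profile(self):
        # Profile IDs are minted only here, never taken from the client.
        pid = str(uuid.uuid4())
        self.profiles[pid] = {"id": pid, "events": []}
        return pid

    def context(self, session_id, cookies=None, events=()):
        cookies = cookies or {}
        # Steps 4-5: prefer the session's profile ID, then fall back to the cookie.
        pid = self.sessions.get(session_id) or cookies.get(COOKIE)
        # Step 6: load only a well-formed ID that the store already knows;
        # anything else (missing, malformed, unknown) gets a new profile.
        if not (is_uuid(pid) and pid in self.profiles):
            pid = self._new_profile()
        self.sessions[session_id] = pid
        profile = self.profiles[pid]
        profile["events"].extend(events)  # step 7: apply events to the profile
        return profile                    # step 8: profile goes back in the response
```

A well-formed but unknown UUID in the cookie is treated the same as a malformed value: the lookup fails and the visitor gets a new, server-generated profile rather than one keyed by the supplied ID.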