| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| === How profile tracking works |
| |
| In this section you will learn how Apache Unomi keeps track of visitors. |
| |
| ==== Steps |
| |
| 1. A visitor comes to a website |
| 2. The web server resolves a previous request session ID if it exists, or if it doesn't it create a new sessionID |
| 3. A request to Apache Unomi's /cxs/context.json servlet is made passing the web server session ID as a query parameter |
| 4. Unomi uses the sessionID and tries to load an existing session, if none is found a new session is created with the |
| ID passed by the web server |
| 5. If a session was found, the profile ID is extracted from the session and if it not found, Unomi looks for a cookie |
| called `context-profile-id` to read the profileID. If no profileID is found or if the session didn't exist, a new |
| profile ID is created by Apache Unomi |
| 6. If the profile ID existed, the corresponding profile is loaded by Apache Unomi, otherwise a new profile is created |
| 7. If events were passed along with the request to the context.json endpoint, they are processed against the profile |
| 8. The updated profile is sent back as a response to the context.json request. Along with the response |
| |
| It is important to note that the profileID is always server-generated. Injecting a custom cookie with a non-valid |
| profile ID will result in failure to load the profile. Profile ID are UUIDs, which make them (pretty) safe from brute- |
| forcing. |