Apache Module mod_usertrack

Available Languages: en | fr

Description:	Clickstream logging of user activity on a site
Status:	Extension
Module Identifier:	usertrack_module
Source File:	mod_usertrack.c

Summary

Provides tracking of a user through your website via browser cookies.

Topics

Logging

Directives

CookieDomain
CookieExpires
CookieHTTPOnly
CookieName
CookieSameSite
CookieSecure
CookieStyle
CookieTracking

Bugfix checklist

Logging

mod_usertrack sets a cookie which can be logged via mod_log_config configurable logging formats:

LogFormat "%{Apache}n %r %t" usertrack
CustomLog "logs/clickstream.log" usertrack

CookieDomain Directive

Description:	The domain to which the tracking cookie applies
Syntax:	`CookieDomain domain`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack

This directive controls the setting of the domain to which the tracking cookie applies. If not present, no domain is included in the cookie header field.

The domain string must begin with a dot, and must include at least one embedded dot. That is, .example.com is legal, but www.example.com and .com are not.

Most browsers in use today will not allow cookies to be set for a two-part top level domain, such as .co.uk, although such a domain ostensibly fulfills the requirements above.
These domains are equivalent to top level domains such as .com, and allowing such cookies may be a security risk. Thus, if you are under a two-part top level domain, you should still use your actual domain, as you would with any other top level domain (for example .example.co.uk).

CookieDomain .example.com

CookieExpires Directive

Description:	Expiry time for the tracking cookie
Syntax:	`CookieExpires expiry-period`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack

When used, this directive sets an expiry time on the cookie generated by the usertrack module. The expiry-period can be given either as a number of seconds, or in the format such as "2 weeks 3 days 7 hours". Valid denominations are: years, months, weeks, days, hours, minutes and seconds. If the expiry time is in any format other than one number indicating the number of seconds, it must be enclosed by double quotes.

If this directive is not used, cookies last only for the current browser session.

CookieExpires "3 weeks"

CookieHTTPOnly Directive

Description:	Adds the 'HTTPOnly' attribute to the cookie
Syntax:	`CookieHTTPOnly on\|off`
Default:	`CookieHTTPOnly off`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack
Compatibility:	2.4.42 and later

When set to 'ON', the 'HTTPOnly' cookie attribute is added to this modules tracking cookie. This attribute instructs browsers to block javascript from reading the value of the cookie.

CookieName Directive

Description:	Name of the tracking cookie
Syntax:	`CookieName token`
Default:	`CookieName Apache`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack

This directive allows you to change the name of the cookie this module uses for its tracking purposes. By default the cookie is named "Apache".

You must specify a valid cookie name; results are unpredictable if you use a name containing unusual characters. Valid characters include A-Z, a-z, 0-9, "_", and "-".

CookieName clicktrack

CookieSameSite Directive

Description:	Adds the 'SameSite' attribute to the cookie
Syntax:	`CookieSameSite None\|Lax\|Strict`
Default:	`unset`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack
Compatibility:	2.4.42 and later

When set to 'None', 'Lax', or 'Strict', the 'SameSite' cookie attribute is added to this modules tracking cookie with the corresponding value. This attribute instructs browser on how to treat the cookie when it is requested in a cross-site context.

A value of 'None' sets 'SameSite=None', which is the most liberal setting. To omit this attribute, omit the directive entirely.

CookieSecure Directive

Description:	Adds the 'Secure' attribute to the cookie
Syntax:	`CookieSecure on\|off`
Default:	`CookieSecure off`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack
Compatibility:	2.4.42 and later

When set to 'ON', the 'Secure' cookie attribute is added to this modules tracking cookie. This attribute instructs browsers to only transmit the cookie over HTTPS.

CookieStyle Directive

Description:	Format of the cookie header field
Syntax:	`CookieStyle Netscape\|Cookie\|Cookie2\|RFC2109\|RFC2965`
Default:	`CookieStyle Netscape`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack

This directive controls the format of the cookie header field. The three formats allowed are:

Netscape, which is the original but now deprecated syntax. This is the default, and the syntax Apache has historically used.
Cookie or RFC2109, which is the syntax that superseded the Netscape syntax.
Cookie2 or RFC2965, which is the most current cookie syntax.

Not all clients can understand all of these formats, but you should use the newest one that is generally acceptable to your users' browsers. At the time of writing, most browsers support all three of these formats, with Cookie2 being the preferred format.

CookieStyle Cookie2

CookieTracking Directive

Description:	Enables tracking cookie
Syntax:	`CookieTracking on\|off`
Default:	`CookieTracking off`
Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo
Status:	Extension
Module:	mod_usertrack

When mod_usertrack is loaded, and CookieTracking on is set, Apache will send a user-tracking cookie for all new requests. This directive can be used to turn this behavior on or off on a per-server or per-directory basis. By default, enabling mod_usertrack will not activate cookies.

CookieTracking on