Forum OpenACS Q&A: Storing cookie info or user IDs in the access log

I want my log analyzer to produce streams of actions per user.
However, the default log setup only differentiates users by IP. This
does not work at all for an AOL user who can show up with several
different IPs. If I could configure the access log (nslog) to store
the user ID from the cookie, then I could use that to mark unique
users. Anyone know how to do this?

Here's how we do it:

ns_section "ns/server/${servername}/module/nslog"
ns_param   debug           true
ns_param   dev             true
ns_param   rolllog         true
ns_param   rollonsignal    true
ns_param   rollhour        0
ns_param   maxbackup       999
ns_param   file            ${homedir}/log/${servername}.log
ns_param   logcombined     true
ns_param   extendedheaders COOKIE

We are using this build of AOLserver:

AOLserver/3.2+ad10 (aolserver3_2_ad10)
   CVS Tag:         $Name: aolserver3_2 $
   Built:           Dec  5 2000 at 17:14:44
   Tcl version:     8.3
   Thread library:  pthread
   Platform:        linux
I should qualify the above: that is how we get cookie data in our access log.  You'll have to do some more work to boil each entry down to a user_id.

To furhter qualify Justin's suggestion, you can write user_id's directly into the access log without having to "massage cookies". Like Justin said, you would put something like this in your server config file:

ns_param ExtendedHeaders X-User-Id

And then you would have to make sure the following code gets run on every request, before you serve the page.

ns_set put [ns_conn headers] X-User-Id "user_id=$user_id"
With reference to Vadim's suggestion, more specifically, in OACS 3.x what you'd do is put the following lines in sec_read_security_info before return "filter_ok":
    if [info exists ad_sec_user_id] {
        set user_id $ad_sec_user_id
    } else {
        set user_id 0
    ns_set put [ns_conn headers] X-User-Id "user_id=$user_id"
Does anyone knows if analog can gives you a per user_id report in the sense of which urls has been requested by a user?

if yes, how to do that?

Should this go in as a patch?  How harmless is it?  Does putting the user_id in the HTTP headers matter if the user id is often in the url anyway?  Is there a performance impact?  Should we make this the default behavior in conjunction with adding matching code to config.tcl to capture it?  Does the extra data in the access log break the standard log format?
Yes Joel, you can put it as the default behaivor on config.tcl, it won't affect the access.log.
We are in a point to release an small package to handle the reports with analog.
Joel, it is completely harmless, as the user_id is being added to the incoming HTTP headers not any outgoing headers. Yes, it sounds odd, but that is actually the way it works. And no, adding the extra data to the access log shouldn't break anything trying to read it.

Here are yet three more threads dicussing this issue: Nov. 2001, May 2002, April 2003.

Posted by Andrew Piskorski on
As I mentioned back in 2002, it is easy to write the OpenACS user_id to the AOLserver access log on each and every hit. However, when an error occurs, it would be really nice if the user_id was included with the error stack trace in the error log, but there is no obvious way to do this.

Has anyone since come up with a way to log the user_id to the error log whenever a page throws a Tcl error?