user and administrator manual


INTRODUCTION

This document presents information for users of web analytics accounts. Most of the operations described in this handbook are performed from within the secure areas of the site.


USER ACCESS

Browser Requirements
The administration site requires JavaScript and session cookies to be enabled in your browser. Many users can use the site without any changes to their browser settings. If you do not normally have these turned on, you can limit these features to this site by using the customisation features of your browser. The login page will warn you if these features are not detected during login.

User Security
The basis of the security features built into the system is the session cookie created when the user logs in. The session cookie will continue to exist until either the browser is completely closed down or the user explicitly logs out. If the user only closes the particular browser window, the session cookie will remain available to anyone using the browser.

While it may be acceptable for the user to only close the window in a trusted environment, it is absolutely necessary to log out explicitly when using the system in an insecure environment such as an internet cafe. Also remember to clear the browser cache when in an insecure environment.

User Login
To log in, a user should click on the user login link available from the menu. Attempts to access any protected area of the site while not logged in will be redirected to the login page.

User Logout
To log out, a user should use the logout selection in the main menu.

User Lockout
Automatic system access protection has been implemented to prevent password guessing. Any user who fails to log in correctly within three attempts will be refused further login attempts for a period of sixty minutes.

The user account is automatically enabled again after the delay period and the user will be able to log in again if the proper credentials are supplied. There is no need to contact support for manual intervention. The procedure is entirely automatic.

There is no feedback to the user as to which element of the supplied credentials is incorrect or invalid. This design discourages casual account probing and dictionary attacks.
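The lockout policy above as an added example (not the vendor's implementation): three failures lock the account for sixty minutes, the lock clears by itself, and every failure returns the same message. The names LoginGuard and verify, the message text, and the choice to return that same message while locked are assumptions.

```javascript
// Added example, not the vendor's code. Policy values come from the manual;
// LoginGuard, verify and the message text are hypothetical.
const MAX_ATTEMPTS = 3;             // three failed attempts
const LOCKOUT_MS = 60 * 60 * 1000;  // sixty minutes
const GENERIC_FAILURE = "Login failed. Check your details and try again.";

class LoginGuard {
  // verify(username, password) returns true or false and is supplied by the caller.
  constructor(verify) {
    this.verify = verify;
    this.records = new Map(); // username -> { failures, lockedUntil }
  }

  attempt(username, password, now = Date.now()) {
    const key = String(username).trim().toLowerCase();
    let rec = this.records.get(key) || { failures: 0, lockedUntil: 0 };

    if (rec.lockedUntil > now) {
      // Locked: refuse without evaluating the credentials at all.
      return { ok: false, locked: true, message: GENERIC_FAILURE };
    }
    if (rec.lockedUntil !== 0) {
      // Delay has elapsed: the account re-enables itself, no manual step.
      rec = { failures: 0, lockedUntil: 0 };
    }

    if (this.verify(key, password)) {
      this.records.delete(key);
      return { ok: true, locked: false, message: "Logged in." };
    }

    // Failures are counted for unknown usernames too, so an unknown account
    // and a wrong password look identical to the person at the login form.
    rec.failures += 1;
    if (rec.failures >= MAX_ATTEMPTS) rec.lockedUntil = now + LOCKOUT_MS;
    this.records.set(key, rec);
    return { ok: false, locked: rec.lockedUntil > now, message: GENERIC_FAILURE };
  }
}
```

The `locked` field is for server-side logging only; the login page shows just `message`.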

Password Recovery
If a user forgets their password, they can request that a password reminder be sent by email by supplying the registered email address.

A reminder will only be sent if the account exists on the system. To avoid account probing, there is no indication to a user whether the account exists or not. These reminders are created automatically by the system and sent immediately.

If a user account needs to be completely reset because the user has lost access to the email account, it will be done only upon proof of authority that is acceptable to the system administrators.

This method of recovery is considered to be an exceptional circumstance and will be subject to significant delay due to the nature of the request.

Login Information
Any user can change their email address and password using this menu selection. When changes are made, they are recorded by the system as pending changes and one or more confirmation emails are sent by the system. The changes become effective when confirmed by following the instructions contained in the email.

A password change will only require one email. An email address change will result in two emails. A warning email is sent to the old email address with instructions on preventing an unauthorised change. A confirmation email is sent to the new email address with instructions on confirming the new email address.

These measures protect the accounts from unauthorised changes by requiring the party requesting the change to prove access to the email accounts and that the new email address is valid.


ACCOUNT INFORMATION

Account information is entirely optional. If it is left blank, the account management page will not have any details to display to the user. The account management page permits the editing of account information and the addition of sites associated with the account.


BASIC SITE INTEGRATION

Site Administration
The site administration page is used to generate the html tracking code or to delete sites from the list of tracked sites.

The html tracking code generator creates html code for insertion into the pages of a tracked site.

The tracking code generator can create the code required for either non-secure or secure pages.

Tracking Code
The only requirement for a successful implementation of the measurement system is the insertion of the supplied html tracking code into the pages to be tracked.

However, experienced administrators and developers have opportunities to greatly enhance the value of the information if consideration is given to the factors governing the full capabilities of the system.

Sites Using Session Identifiers
Some sites use session identifiers inserted into url query parameters as a means of session tracking. This technique is usually implemented by means of dynamic pages generated by a scripting environment such as php, coldfusion, asp or asp.net. For example, coldfusion uses the two query variables CFID and CFTOKEN.

These session variables will prevent reports from grouping pages that vary only by the session variable as a single url.

To treat this type of url as a single url the tracking code must be used with a special parameter to cause the grouping to take place.

If a site uses session identifiers in query parameters, please contact support for assistance in modifying the tracking code before implementation. There is no charge for this assistance.
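The grouping described in this section, shown as an added example that is independent of the vendor's tracking code and its special parameter: session query parameters are removed so that urls differing only by session collapse to one key, which also keeps the session token out of the recorded url. CFID and CFTOKEN come from the manual; PHPSESSID (PHP's default session name), the function names and the sample urls are assumptions.

```javascript
// Added example, not the vendor's tracking code. CFID and CFTOKEN are the
// ColdFusion variables named in the manual; PHPSESSID is PHP's default name.
const DEFAULT_SESSION_PARAMS = ["CFID", "CFTOKEN", "PHPSESSID"];

// Return the url with session query parameters removed, plus their names.
function stripSessionParams(rawUrl, sessionParams = DEFAULT_SESSION_PARAMS) {
  const url = new URL(rawUrl);
  const drop = new Set(sessionParams.map((p) => p.toLowerCase()));
  const removed = [];
  // Iterate over a copy of the names so deleting is safe.
  for (const name of new Set(url.searchParams.keys())) {
    if (drop.has(name.toLowerCase())) {
      url.searchParams.delete(name); // deletes every occurrence of the name
      removed.push(name);
    }
  }
  return { url: url.toString(), removed };
}

// Count page views per grouped url.
function groupPageViews(hits) {
  const counts = new Map();
  for (const hit of hits) {
    const key = stripSessionParams(hit).url;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

// Constructed sample hits: two visitors on the same page, plus one other page.
const SAMPLE_HITS = [
  "http://shop.example/catalog.cfm?item=42&CFID=1001&CFTOKEN=55667788",
  "http://shop.example/catalog.cfm?item=42&cfid=2002&cftoken=99887766",
  "http://shop.example/catalog.cfm?item=7&CFID=1001&CFTOKEN=55667788",
];

for (const [page, views] of groupPageViews(SAMPLE_HITS)) {
  console.log(views, page);
}
```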

Creating Tracking Codes
Tracking codes are created using the site administration page. Both http and https versions can be created depending on the requirements of the hosting page. The generated tracking code is presented in a text box which the user can select and copy in preparation for a paste operation into an editor.

It is suggested that a copy is made into a plain text file for convenient reuse or distribution.

If the tracking code is emailed, it should be sent as a text attachment to avoid corruption due to line wrapping performed by the email client.

Inserting Tracking Codes
The tracking code is sensitive to line breaks and format. It is important that it be inserted into web pages in the designated format.

The best method is to use a plain text editor such as notepad.

If an html editing tool such as dreamweaver is used, it is the responsibility of the administrator to ensure that the code is inserted in the proper manner.

Privacy Policies
The measuring ability of the tracking code is at its best when browser cookies are available. One of the factors affecting the ability of the tracking code to set cookies is the existence of a compact privacy policy. Administrators should ensure that a suitable compact privacy policy is made available to browsers on their sites.

Some jurisdictions also require the publication of a privacy policy as a matter of law.

Library Files
Note that the library files referenced in the tracking codes are served by the measurement servers. This is done to ensure that the correct version is delivered to the client at all times, and to ensure that the delivery is as fast as possible. Compression and caching are used whenever permitted by client browser settings.


ADVANCED SITE INTEGRATION

Site Grouping
A site identifier is assigned when a site is created in the administration panel. This site identifier controls the grouping of data that is presented together when generating reports. Since the site identifier is independent of the site name, multiple sites can be included in one grouping as long as the same identifier is used for the tracking code inserted into all sites in the group.

Secure Sockets Layer
The tracking mechanism works transparently with the secure sockets layer version of the http protocol, https. The difference is in the dns names of the script and measurement servers. The code generating function of the site administration page includes a setting for the use of the https protocol which causes the correct code to be generated for https pages containing the code. Using the non-https version of the code will still work; however, users will be prompted by their browsers that the page contains insecure elements. These prompts are eliminated by using the proper versions of the html tracking code.

Variable Definitions
The tracking code uses a number of user settable parameters for maximum flexibility. Part of the tracking code reads as follows:

O0("00171006","img.basicanalytics.com",720,[],0,0)

The parameters from left to right are:

"00171006"                 site identifier
"img.basicanalytics.com"   measurement server
720                        reserved
[]                         reserved
0                          reserved
0                          sales amount

A static version of the tracking code is generated using the site administration page. All parameters are mandatory.

However, it may be necessary to use dynamically generated tracking code on certain pages. The most frequent reason for this is to fill in the sales amount parameter.

Another situation where it is necessary to use dynamically generated tracking code is where the same page is used on both http and https pages. In this case, the proper server names must be filled in. The recommended procedure is to generate static http and https versions, then use these as include templates for the dynamic pages.

Ads and Affiliates
Inbound ads and affiliate links should be carefully planned. The capabilities of the measurement server present opportunities to identify, categorise and measure this traffic source.

As a minimum, the inbound links should contain an identifying parameter such as an affiliate id or campaign id.

Note that it is possible to include query parameters in links to static pages. The parameters will be ignored by the web server but the correct page will still be delivered to the client without error. However, the values of the query parameters remain available to the html tracking code and will be recorded as part of the measurement process.

Sales and Refund Tracking
The one difference between normal tracking and sales tracking is the substitution of a non-zero value for the sales amount in the tracking code parameters. See the section on variable definitions for the location of the sales amount parameter.

For the most accurate tracking it is important that every sale page contain the correct value and that all other pages contain a zero for the sales amount parameter.

The measurement server filters duplicate sale values from a session to account for users who use the back or reload button to see a sale again. Developers may find it useful to filter the value using on-page techniques as insurance to avoid duplicate sales measurements.

The most suitable location for tracking a valid sale is on the final sales confirmation page. This is sometimes called the thank-you page.

This will work even when using a third party web site to process the sale as long as the user is returned to the originating site and the site has access to the sales amount while generating the thank-you page.

If the value is not available or the customer is not returned to the originating site, then the only alternative is to set the amount just before the user is sent to the third party server.

It does not matter if the user is sent using a redirect, a get, or a post transaction as long as the sale amount is set in the required parameter in the tracking code.

If tracking refunds is desired, then negative amounts representing the value of the refund to be deducted from total sales can be used. The sales count numbers should then be interpreted as the number of transactions rather than the number of sales.
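An added example (not the vendor's code) covering both the dynamically generated tracking code from the variable definitions section and the duplicate filtering suggested here: the thank-you page fills the sales amount into the static template, accepts only a plain decimal because the value is written into inline script, and emits a zero when the same order is rendered again. The https server name is not given in this manual, so a placeholder stands in for it; orderId, reportedOrders and the function names are hypothetical.

```javascript
// Added example, not the vendor's code. HTTP_TEMPLATE is the static call shown
// in the manual; the https server name is not given there, so it is a placeholder.
const HTTP_TEMPLATE = 'O0("00171006","img.basicanalytics.com",720,[],0,0)';
const HTTPS_TEMPLATE = 'O0("00171006","HTTPS-SERVER-PLACEHOLDER",720,[],0,0)';

// Plain decimal only: optional minus sign (refunds), up to two decimal places.
const AMOUNT_RE = /^-?\d{1,9}(\.\d{1,2})?$/;

// reportedOrders is a Set kept in the site's own server-side session and
// orderId is the site's order reference (both hypothetical).
function renderTrackingCall({ secure, amount, orderId, reportedOrders }) {
  const text = String(amount);
  if (!AMOUNT_RE.test(text)) {
    // The value is written into inline script, so anything that is not a
    // number is rejected rather than escaped.
    throw new RangeError("sales amount must be a plain decimal number");
  }
  let value = "0";
  if (Number(text) !== 0 && !reportedOrders.has(orderId)) {
    reportedOrders.add(orderId); // back or reload renders a zero next time
    value = text;
  }
  const template = secure ? HTTPS_TEMPLATE : HTTP_TEMPLATE;
  // Only the final parameter (sales amount) is replaced.
  return template.replace(/,0\)$/, () => "," + value + ")");
}

// Every page other than the sale page carries a zero sales amount.
function renderPlainCall(secure) {
  return secure ? HTTPS_TEMPLATE : HTTP_TEMPLATE;
}
```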

Shared Session Identifiers
It is possible to share session identifiers between the originating site and the measurement site. By sharing session identifiers the originating server is relieved of the need to create session identifiers since a unique session identifier is already generated by the tracking code. The session identifier is stored as a named session cookie value in "_c11b_", omitting the double quotation marks. It will be in the form of a unique cryptographic hash consisting of 40 hexadecimal characters.
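An added example (not the vendor's code) of how an originating server could read the shared identifier: it takes the value from the Cookie request header and accepts it only if exactly one "_c11b_" cookie is present and it matches the 40 hexadecimal character form described above. The function name and the sample header are assumptions.

```javascript
// Added example, not the vendor's code. The cookie name and the 40 hexadecimal
// character form come from the manual; sharedSessionId is a hypothetical name.
const SHARED_COOKIE = "_c11b_";
const SESSION_ID_RE = /^[0-9a-fA-F]{40}$/;

// Return the shared session identifier from a Cookie request header,
// or null when it is missing, duplicated or malformed.
function sharedSessionId(cookieHeader) {
  const values = [];
  for (const part of String(cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // not a name=value pair
    const name = part.slice(0, eq).trim();
    if (name === SHARED_COOKIE) values.push(part.slice(eq + 1).trim());
  }
  // Exactly one well-formed value is accepted. Two cookies with the same
  // name are ambiguous, so the request is treated as having no session.
  if (values.length !== 1 || !SESSION_ID_RE.test(values[0])) return null;
  return values[0].toLowerCase();
}

// Constructed sample header.
const SAMPLE_COOKIE_HEADER =
  "lang=en; _c11b_=0123456789abcdef0123456789abcdef01234567; theme=dark";

console.log(sharedSessionId(SAMPLE_COOKIE_HEADER));
```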

Exempting Browsers
It is possible to exempt specific browsers from being included in the statistics measured by the tracking code. This is normally done to prevent internal users from skewing the measured results. The mechanism used is a permanent first party cookie that is set by visiting a specific page created for the purpose of setting the cookie value.

The usual policy is to create the page as an orphan page on the site with no links referencing it. The users that are to be exempted from tracking are then instructed to visit the page with their usual browser. This affects only the browser used to visit the page. Users using multiple computers, or using multiple browsers, will need to visit the cookie setting page with each browser.

The site management interface can generate the correct code to create a page on the originating site for this purpose.

An alternative is to use the code as a pattern for integration into some page that is regularly used by the exempted group such as a login page.

Tracking 404 Page Not Found Errors
Missing pages on a site can be tracked by using a custom error page containing the standard tracking code. Most popular servers will pass the requested url as a parameter when the custom error page is invoked. By including the parameter in the url of the custom error page, it will be inserted in the data returned and stored on the measurement server ready to be included in reports.


source: basicanalytics.com