suggestion for placing tracking cookie just like google adword - google-analytics

I have a contact us form in our website which would send out an email to the site admin when submitted. I would like to know from which site the user has landed onto this page and how many unique users have come here and such things... I have used Google Analytics but it sends out only information on the adword that the user has clicked. I would like to know from which site and from the user came in so that I can add this referring site when email is being sent to the site admin.
I am guessing that the referring site will always have some URL manipulation to redirect here so how can i grab that URL? or is there any other better way to achieve this?

Does the environment variable HTTP_REFERRER give what you want?

You can can begin collecting this data without adding any javascript to your Site's pages, using your server's access logs. If your server is Apache, then as long as you set your config file to record data to your access log in the Combined Log Format, then you are already collecting referrer (i.e., this is one of two additional fields appended to each line in the logfile when you specify the Combined Log Format versus the (default) Common Log Format, the other field is the user agent; both 'referer' and user-agent are taken from the respective HTTP request headers).
Another advantage of this method is that if you have been logging using the Combined Log Format, then you also have the data you want going back in time, as far back as you archive your logfiles.

Related

Redirect Visitors Based on coming from website in WordPress

Is it possible to redirect visitors based on coming from website in WordPress
Your question is a bit vague. If I understand correctly you're trying to redirect base on a specific referer.
$_SERVER let you retrieve server and execution environment information. It is an array containing information such as headers, paths, and script locations.
$_SERVER[HTTP_REFERER] enable you to retrieve the address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
<?= $_SERVER[HTTP_REFERER]; ?>
Source # https://www.php.net/manual/en/reserved.variables.server.php

How to make secure ajax call using asp.net?

I am new to ajax, In my website, I am calling Ajax, it will pass parameter and it will retrieve records from database based on parameter.
But I can see the complete url link on Inspect Element's network tab like below
Employee.aspx?userid=45
I check this stack overflow link. I didn't get clear idea about it.
In some website they mention we can you Token,Authenticate the user,use cookies. But I don't understand how to use those things on my ajax code
The answer for this is not fixed it based on which approach you follow. The stack overflow link you provided pointing out the same thing about the link issue which you have right now. Any ways following are some possible approaches you can follow in order to prevent your URL visibility to end users
1. Make use of unique keys/alias/ids
In order to prevent your table's primary key to be directly revealed to the end user from the devtools you can have a user key column in your user table which have some random 4-6 digit unique code per user so to identify each of them and use these keys to communicate through URL or service calls instead of primary key itself. Same can be applied to any tables. Some people prefer username alias used in the URLs like employee name "John Marshal" can have URL like Employee.aspx?username=john-marshal
2. Token based on authentication or Cookies
This is where some learning is required. The basic idea behind it is the service which is called based on the URL will only be served to the authentic user which have the token or the cookie already present at the user's end. So in that way the call won't reveal any data it will simply return "403 Forbidden" or "401 Unauthorized" HTTP responses. And such URL will only exist on the pages which are accessible by authentic user. It means until and unless the user is logged in they can't get data from such URLs.
Still there are many ways to achieve this but these are all approaches which can be considered; you totally can't secure the requested URL its the approach which can.
Hope it helps

Track Keywords from Google Adwords and GA and store them

I run an adword campaign on google.
Users type in keywords and come to my landing pages via few ad's they see. Now my landing page has some 2 pages. One has informational which brings a user directly to the landing page after ad click - second is a signup form. Now I wish to capture the keywords he has typed in and then come into this form so that we know how users are reacting to our ads and what do they type to get to us.
The complex part is how can we use the GA - API to track this down. Since user will landing on /page and may signup finally from /page1 so we need to store those kewyords from his url (which is done via the Value Track codes in the url) and then store in the cookies so that when he later comes to /page1 and is signing up the same keywords can be passed and stored in the backed?
Is this possible and some can please help with this - where to look for how to accomplish this.
Thanks
I append a code to my ad's URL in AdWords:
www.example.com/?code=some-unique-id
On the landing page I check for the query string parameter, and if found store it in a cookie.
Any subsequent pages can access the cookie, and get the code from the original landing page.
This is only ad-group level, but it's a start.

Searching for existing research on http redirects and browser history

For a web app I want to let users review and edit a record they made previously through a browser form. In their confirmation mail, they get an access link with a secret token, like http://myapp.com/edityourstuff/hdD8sF2m Clicking this link shows them a form in which they can edit the existing data they submitted earlier.
This is not as secure as a username/password combination, but much more convenient and suitable for my situation.
However, I want to make this as secure as possible.
GET URLs
If the link containing the secret access token is disclosed, unauthorised people can access the data. My concern here is about shared/public computers.
I was planning to tackle this problem with the following pattern:
Access to /edityourstuff/ds8sdfhe via link in email
Start a session, store the secret token in there
redirect to clean /edityourstuff without token
The app now has access to the token in the session and can display the form accordingly. And the URL bar does not show it.
My question now is: Do browsers store the initial URL, that immediately redirects to the clean URL in their history?
I know that the different HTTP redirect status codes (301, 302, 303) have different use cases in theory. Is there any information on how different browsers treat the different redirect codes in respect to (not) storing the initial URL in browser history?
I just did some quick testing myself, with Firefox 7.0.1
When using the above pattern, no matter if 301, 302 or 303 redirect, Firefox does not return to the initial URL when clicking the back button. However, it is shown in the full browsing history and is part of the URL completion list of the browser bar.
This is exactly the drawback I was hoping to avoid.

Show uploaded files to Anonymous user but only allow download from registered

On Drupal 6 I am attaching a file to a node. This can be done using the core upload module or as a CCK field (What ever will achieve the permissions issue).
I would like anonymous users to be able to see the file, but once they click on it to be prompted to login or register. Once logged in (or registered) then to be taken to either the same page they started on or start the download.
Not really sure where to start on this (related to the permissions and then the eventual redirect).
One method that i would do is in the template files detect if there is a userid variable (To indicate they are logged in), if there is show the link to the file - if they are not then to send to the login/registration page. I can store the link they wanted in the user session. But then how would i detect their registration is complete and redirect them to the page/file?
Ideally there is a module (which I am still hunting around for) that does this task!
Basically, you just need to set the destination parameter, this works for the basic login/registration form. If you however require something like email confirmation for registration, then it's going to be a lot more complicated.
Example Links:
user/login?destination=download_url
user/register?destination=download_url
There is also an API function that will automatically generate the destination part for the current URL: http://api.drupal.org/api/drupal/includes--common.inc/function/drupal_get_destination/7.

Resources