Plumbr is capable of understanding who exactly are using the application being monitored. First part of this challenge is making sure Plumbr will be able to distinguish one user from another. Plumbr is capable of doing so by either being aware of a particular HTTP header being used for authentication purpose or via a specific cookie named plumbr_user_tracker.
In case the HTTP headers are used, distinguishing and identifying users is based purely on the value of a particular HTTP header value. No new cookies are created nor sent to the users of such applications.
In case the application monitored is not using HTTP headers for authentication/identification purposes, Plumbr falls back to cookie-based approach. For requests not containing particular HTTP authentication headers, Plumbr generates a cookie and injects it to the browser via HTTP response. The presence of the cookie guarantees that all the subsequent HTTP requests arriving from the same device/browser will be linked to the same cookie ID.
Cookies are thus used to distinguish between different users. Identifying the user is based on linking the cookie with the user identity stored in the server-side. If the application stores the identity in a HTTP Session then whenever a user is authenticating him/herself, Plumbr can capture the identity and link it with the cookie.
Pay attention that Plumbr can discover users only from HTTP traffic. So if you are for example using EJB calls or Swing events, Plumbr is not capable of using aforementioned approaches.