Here’s something that might be so blindingly obvious to everyone else in the world that I look like a jerk for talking about it, but I couldn’t find the answer by searching Google, so I’m going to share it anyway.
We are developing a web project at work that I can’t talk about yet, but the boss wanted to email a link and login details (the site is protected by Apache’s Basic Authentication, you know, where a username and password box comes up before you can access a site or directory) to a potential partner. And we wanted to be able to check if they had used the information and visited the site.
Well, after much unsuccessful Googling, I noticed that the logged-in username is right there in the raw access log, just after the IP address of the visitor. So all I needed to do was create a new username/password pair just for them and we can see if they drop by.