-> when token_auth is invalid (or not set) and
cdt is set with an old timestamp that require authentication, we should skip tracking the request instead of tracking it with the "current datetime".
Currently one can override the request datetime in a Tracking API request by setting
cdt parameter. see documentation: http://developer.piwik.org/api-reference/tracking-api#other-parameters-require-authentication-via-token_auth
As discussed in https://github.com/piwik/piwik/issues/9939 when the
token_auth is not correct, currently the request is tracked using the current date time. This actually create invalid data and hard to detect the issue (ie. many requests could be tracked at once when a device comes online and old data tracked).
Ideally we also need to make it configurable re how far in the back it is possible to track without needing token. Maybe we could also change default value from 4 hours to 24 hours?
+1 (configurable + default to 24 hours)