When 3rd party cookies (_pk_uid) are enabled and a pageview is tracked to multiple siteids at once, then there is a race condition:
A new user without the 3rd party cookie arrives at page X.
The pageview of X is tracked to siteid A and at the same time to siteid B.
Both track requests do not have the 3rd party cookie set.
When matomo processes these requests, it will use the visitorid that came with the request as visitorid for the 3rd party cookie.
Here is a race condition: one of the requests will win, its visitorid will be the new global visitorid in the 3rd party cookie.
The visitorid of the request that lost remains in the database as an additional visitor+visit, and thus corrupting the data.
This will of course not fix the problem, when the js is loaded directly from /piwik.js.
Thus I would recommend to add this case to the FAQ: When using 3rd party cookies AND tracking to multiple siteids at once, one must use /js/tracker.php and not /piwik.js to load the js in the browser.
Updated: do not write third party cookie if ignore cookie is present
Updated: cleaned & improved the pr
@tsteur As this is quite a critical bug, is there anything I can do to get this merged? Creating a test for a race condition would be kind of hard.
Tested it and works 👍 Happy to merge @MichaelHeerklotz . Good find... was probably tricky :)