@MichaelRoosz opened this Pull Request on August 16th 2018 Contributor

Cookie: added parameter 'validateSignature' to switch off signature validation
IgnoreCookie: added support for setting "cookie_domain"
IgnoreCookie: do not validate cookie signature to allow sharing it between multiple matomo instances

@tsteur commented on February 7th 2020 Member

@MichaelHeerklotz @diosmosis I'm actually not quite getting why something should be or should not be signed. Think I'm missing something. What and how exactly are we signing things here? For what reason? Sorry I'm not much into this.

@diosmosis commented on February 7th 2020 Member

@tsteur my guess was the ignore cookie was being created outside of matomo or something like that. But that's just a guess.

@MichaelRoosz commented on June 15th 2020 Contributor

@tsteur @diosmosis
my guess is, that the sign check was added to avoid fake visitorids / etc created by cookie manipulation.

for the ignore cookie it makes no sense , so I have removed the check for it. this allows using the same ignore cookie for multiple matomo setups (if everything is running under the same root domain (big setups)

@tsteur commented on June 28th 2020 Member

@MichaelHeerklotz could you resolve the merge conflict and then ping me? I'll merge it then.

This Pull Request was closed on June 29th 2020
Powered by GitHub Issue Mirror