The purpose of the fingerprint is to put all tracking requests within the same visit into the same visit in the DB. A fingerprint is basically valid for up to 30 minutes after the visit ends (unless different visit length is configured).
By adding a random hash to the fingerprint we make sure when a user disables cookies, a visitor cannot be identified across multiple days and such no cookie consent should be needed.
This change should not really change behaviour for anyone AFAIK. In Matomo 4 we could remove the check for
create_new_visit_after_midnight potentially. We cannot limit the fingerprint in that case as when someone has
create_new_visit_after_midnight=0 and has cookies disabled, then a new visit would be still created after midnight since the configId would change.
The limited fingerprint will also not apply when enabling
[Tracker]enable_fingerprinting_across_websites = 1 since different sites can have different timezones and therefore we can't add any date to the fingerprint.
Should be ready for a review. If I see things right, nothing changes for users in the end but hard to say.
Haven't looked deeper into the code yet. But wouldn't changing the config id will have the effect, that every visitor will be a new visitor after the update? 🤔