@mattab opened this Issue on January 30th 2014 Owner

report from Peter:

I think I found a bug in the tracker which affects every user. One of my customers wondered about having single Visitors who have actions with different IP adresses at peak hours.

After searching for a possible issue in the visitor recognition, I think I found the issue - it occurs, when visitors with the same userAgent / OS / Browserfeatures (which pretty much applies to every iPad / iPhone with the same iOS) accesses a page at the same second. These visits will all get the same visitor-ID. The cause of that can be found in piwik.js line 1489 (version 06ac8c0). This is because the IP-Address (or anonymized IP or any other unique salt) is not part of the hashing function, only userAgent,platform,features and the timestamp (in seconds). It is hard to track down in the stats, but this could be a quite big error in every piwik instance with more than one visitor per second

Can anybody confirm this?

possible fixes - "nowTs" should be replaced by something like "nowTsMs", a millisecond timestamp to reduce collisions. But this is not ideal, because there are instances with 200 and more visitors per second, so there will be collisions again

-> random salt

@mattab commented on January 30th 2014 Owner

In 3e654669bd972a2ab8579a2e79c4f5cca13ad1cb: Fixes #4598 Better UUID to avoid visitor collision on same second + same configs

This Issue was closed on February 24th 2014
Powered by GitHub Issue Mirror