matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0
19.9k stars 2.65k forks source link

Tracking Parameter 'cid' Custom Visitor ID, should be "enforced" when it is specified #3776

Closed anonymous-matomo-user closed 11 years ago

anonymous-matomo-user commented 11 years ago

In order to set a custom visitor Id, the parameter cid is used in PiwikTracker.php (see [https://github.com/piwik/piwik/blob/ce63a9fbc4727df77a351fc55a641693d10a4f5c/libs/PiwikTracker/PiwikTracker.php#L1047]). However, it cannot be used to distinguish Visitors as distinct.

Steps to reproduce:

The visitor is known (idvisitor = fbface7fb484cf60,
                            config_id = 6da98b12e33904b4,
                            idvisit = 1270,

(Complete output attached)

Also, cid is not documented in the FAQ [http://piwik.org/docs/tracking-api/reference/].

May be related: #3312

anonymous-matomo-user commented 11 years ago

Attachment: Tracking Debug Output piwik.html

anonymous-matomo-user commented 11 years ago

Attachment: Visitor Log: Only one visit (instead of several), wrong visitor id crushed.png

anonymous-matomo-user commented 11 years ago

Attachment: 2nd test output test.html

anonymous-matomo-user commented 11 years ago

Using Piwik 1.10.1 . API key is admin user of idsite(2).

anonymous-matomo-user commented 11 years ago

Oh, sorry: auth_token should be token_auth, of course. Attached a new version of the output, as the problem remains:

Matching visitors with: visitorId=1234567890123456 OR configId=6da98b12e33904b4<br />
The visitor is known (idvisitor = bb0ccf88648b5ee2,
...

In case of a forced (vs. indicated via _id) visitorId it should only match by visitorId.

anonymous-matomo-user commented 11 years ago

I've sent a pull request on github: https://github.com/piwik/piwik/pull/35 - which fixed the issue for me.

mattab commented 11 years ago

Thanks for the report, very nice find. I agree with your proposal, that when a user has called $tracker->setVisitorId( ) and has authenticated with token_auth, then the visitor ID should be enforced.

mattab commented 11 years ago

In 12c3fbeb845c42d493df4440e35ccf95c3dcae45: Fixes #3776, Fixes #3787

Adding integration test to test this code.

I also updated tracking api reference to explain "cid" parameter.

cid (requires token_auth to be set) defines the visitor ID for this request. You must set this value to exactly a 16 character hexadecimal string (containing only characters 01234567890abcdefABCDEF). When specified, the Visitor ID will be enforced. This means that if there is no recent visit with this visitor ID, a new one will be created. If a visit is found in the last 30 minutes with your specified Visitor Id, then the new action will be recorded to this existing visit.

mattab commented 11 years ago

Tracking API updated

mattab commented 10 years ago

see also #6109

fulstadev commented 9 months ago

This issue appears to still persist / exist again. What I did:

  1. identify the client via the submitted e-mail address (set the e-mail address equal to the user ID, using $tracker->setUserId(submitted_email) in PHP.
  2. To be able to enforce the visitor ID according to an attempted retrieval of it from the request received from the client via $tracker->getVisitorId(), I call setTokenAuth('apiKey'), then getVisitorId(), then setVisitorId() with what has been retrieved via getVisitorId().
  3. This seems to properly work, as I've tested it: getVisitorId() successfully returns the value of the tracking cookie I get from the client that fired the request. Then I var_dump the url that getRequest() internally generates within doTrackEvent(), and the generated URL properly holds the cid parameter equal to the tracking cookie of the client.

The same happens when you do what's mentioned above over and over, so I seemingly cannot enforce the visitorId using the PHP Package's setVisitorId() method, even though I authenticate properly and the getRequest() method, internally called in the doTrackEvent() method generates the proper URL with the correct cid parameter value (visitor ID X).

Of course it is essential for a proper use of the user ID that the system allows to enforce the visitor ID via request from the server to the API, with the received visitor ID from the client-side cookie, such that the entire history of page views / whatever can be reconstructed.

MatomoForumNotifications commented 9 months ago

This issue has been mentioned on Matomo forums. There might be relevant details there:

https://forum.matomo.org/t/cid-not-being-enforced-although-sent/54953/1

mattab commented 9 months ago

@fulstadev As this issue is closed, but your feedback is valued, could you please re-create a new issue with your information?