Tracker API: cdt parameter should not require token_auth when setting a recent datetime

[mattab]

The goal of this ticket is to modify the Tracker API parameter cdt so that it is allowed to send cdt values within the last N seconds without passing the token_auth.

By default a user could send a tracking api request setting a custom datetime in near past without needing to authenticate with token_auth.

Tasks

• Modify Tracker API
• add test
• new config setting to customise the time delay for which users can set cdt datetime values in the past N seconds.
  • Proposed default: 2 hours = 7200 seconds.
• update the reference docs http://developer.piwik.org/api-reference/tracking-api as well as any FAQ or user guide that may mention cdt

This overall goal is to make Mobile Apps Tracking easier to use and less need of configuration in the SDK.

[quba]

Maybe it would be enough to set it to "visit_standard_length"?

[mattab]

I think most cases that users are offline and come back online can be a few hours long. it would be a shame to lose usage tracking data for those hours where user was disconnected or poor connection. not sure even if 2 hours is enough, maybe 4 will be better...

[mattab]

doc updated in https://github.com/piwik/developer-documentation/commit/d6f087d9fedea7197413478c7e7e1f11a1af7bc6