Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not set the previous session ID reference in cookies if anonymous tracking is enabled (close #1268) #1274

Merged
merged 3 commits into from
Dec 14, 2023
Merged

Do not set the previous session ID reference in cookies if anonymous tracking is enabled (close #1268) #1274

merged 3 commits into from
Dec 14, 2023

Conversation

matus-tomlein
Copy link
Contributor

Issue #1268

Addresses the issue where the previous session ID reference was updated in the cookies even in case anonymous tracking (with session tracking was enabled).

This was a problem, because the cookie value is sent as an HTTP header along with requests. It allowed one to use a cookie enrichment to inspect the value and use the previous session ID reference to basically reconstruct the user identifier (join together their previous sessions).

To solve the issue, I updated the function that serializes the cookie value to accept a flag whether anonymous tracking is enabled. In case it is enabled, we skip serializing the domain user ID and the previous session ID.

@matus-tomlein matus-tomlein requested review from igneel64 and a team December 12, 2023 13:36
@bundlemon BundleMon
Copy link

bundlemon bot commented Dec 12, 2023
edited
Loading

BundleMon

Files added (6)
Status Path Size Limits
libraries/browser-tracker-core/dist/index.mod
ule.js
 +25.66KB 26KB / +10%
trackers/javascript-tracker/dist/sp.js
 +24.74KB 25KB / +10%
trackers/javascript-tracker/dist/sp.lite.js
 +15.07KB 15.5KB / +10%
trackers/browser-tracker/dist/index.umd.min.j
s
 +14.94KB 15KB / +10%
libraries/tracker-core/dist/index.module.js
 +13.36KB 15KB / +10%
trackers/browser-tracker/dist/index.module.js
 +3.51KB 5KB / +10%

Total files change +97.27KB 0%

Final result: ✅

View report in BundleMon website ➡️

Current branch size history

@matus-tomlein matus-tomlein changed the base branch from master to release/3.19.0 December 12, 2023 13:40
greg-el
greg-el approved these changes Dec 13, 2023
View reviewed changes
Copy link
Contributor

@greg-el greg-el left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@matus-tomlein matus-tomlein merged commit a658efb into release/3.19.0 Dec 14, 2023
2 checks passed
@matus-tomlein matus-tomlein deleted the issue/1268-previous_session_id_anonymous_tracking branch December 14, 2023 07:40
matus-tomlein added a commit that referenced this pull request Dec 14, 2023
@matus-tomlein
Do not set the previous session ID reference in cookies if anonymous …
0a79fba 
…tracking is enabled (close #1268)

PR #1274
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greg-el greg-el greg-el approved these changes

@igneel64 igneel64 igneel64 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@matus-tomlein @igneel64 @greg-el