fix: notify per anonymous viewer, not once per tracked link#15
Merged
Conversation
For a tracked link without email verification, every anonymous viewer was keyed as the constant "anon". recordOpen decides "first open" per viewer, so after the very first open the owner's notification never fired again, no matter how many different people opened the link. Give each browser a stable id via a first-party sentou_vid cookie and key anonymous viewers as "anon:<id>". The viewer page mints the id when the cookie is absent (a server component cannot set cookies, so the tracking script persists it client-side) and passes it into the tracking token. recordOpen's existing per-viewer logic then notifies once per distinct browser while a refresh by the same browser still dedupes; verified viewers keep being keyed by email. The id is a dedup bucket, not an identity, so a client-set cookie is fine. displayViewer renders "anon:<id>" as anon-<id>. Tests: trackingContext keys distinct browsers distinctly and ignores the id for a verified viewer; recordOpen treats two browsers as two first opens and a repeat as not-first; the viewer page persists the cookie. Live-smoked the cookie round-trip: no cookie mints a fresh id, a sent cookie is reused (refresh dedupes), and a new visitor gets a different id.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The bug
On a tracked link without email verification, every anonymous viewer was bucketed under the constant string
"anon".recordOpendecides "first open" per viewer, and/api/trackonly notifies on a first open, so after the very first anonymous open the owner's notification never fired again, no matter how many different people opened the link. "Email me when a viewer opens it" effectively meant "email me about the first viewer, ever."The fix
Give each browser a stable id via a first-party
sentou_vidcookie and key anonymous viewers asanon:<id>:path=/, ~1yr,SameSite=Lax) and passes it into the server-signed tracking token.recordOpen's existing per-viewer first-open logic then does the right thing with no change: distinct browsers are distinct viewers (one notification each), while a refresh by the same browser reuses the id and dedupes.displayViewerin the analytics page rendersanon:<id>asanon-<id>so distinct anonymous viewers read as distinct rows.Chosen behavior (per product decision): one notification per distinct browser, and a refresh by the same person does not re-notify.
Verification
npm run typecheckcleannpm run lintcleannpm test245/245 (added 3:trackingContextkeys distinct browsers distinctly and ignores the id for a verified viewer;recordOpentreats two browsers as two first-opens and a repeat as not-first; the viewer page persists the cookie)npm run buildexit 0sentou_vidcookie reuses that exact id (so a refresh dedupes), and a subsequent no-cookie request gets a different id (distinct visitors stay distinct).