report from Peter:
I think I found a bug in the tracker which affects every user. One of my customers wondered about having single Visitors who have actions with different IP adresses at peak hours.
After searching for a possible issue in the visitor recognition, I think I found the issue - it occurs, when visitors with the same userAgent / OS / Browserfeatures (which pretty much applies to every iPad / iPhone with the same iOS) accesses a page at the same second. These visits will all get the same visitor-ID. The cause of that can be found in piwik.js line 1489 (version 06ac8c0). This is because the IP-Address (or anonymized IP or any other unique salt) is not part of the hashing function, only userAgent,platform,features and the timestamp (in seconds). It is hard to track down in the stats, but this could be a quite big error in every piwik instance with more than one visitor per second
Can anybody confirm this?
possible fixes - "nowTs" should be replaced by something like "nowTsMs", a millisecond timestamp to reduce collisions. But this is not ideal, because there are instances with 200 and more visitors per second, so there will be collisions again
-> random salt
report from Peter:
I think I found a bug in the tracker which affects every user. One of my customers wondered about having single Visitors who have actions with different IP adresses at peak hours.
After searching for a possible issue in the visitor recognition, I think I found the issue - it occurs, when visitors with the same userAgent / OS / Browserfeatures (which pretty much applies to every iPad / iPhone with the same iOS) accesses a page at the same second. These visits will all get the same visitor-ID. The cause of that can be found in piwik.js line 1489 (version 06ac8c0). This is because the IP-Address (or anonymized IP or any other unique salt) is not part of the hashing function, only userAgent,platform,features and the timestamp (in seconds). It is hard to track down in the stats, but this could be a quite big error in every piwik instance with more than one visitor per second
Can anybody confirm this?
possible fixes - "nowTs" should be replaced by something like "nowTsMs", a millisecond timestamp to reduce collisions. But this is not ideal, because there are instances with 200 and more visitors per second, so there will be collisions again
-> random salt