You can clone with
HTTPS or Subversion.
Reported in this post.
Happens in ~ 1.6% of cases on the demo
It happens I think when the first party cookie (or third party cookie if you use it) is different on every page view (or you force it using the tracking API &cid=XYZ parameter).
(In ) Refs #3022 Always using first seen idvisitor