hasjob icon indicating copy to clipboard operation
hasjob copied to clipboard

Published 20 hours ago verified publisher icon hasgeek

Moving anon user tracking from image element to form submit

Open iambibhas opened this issue 6 years ago • 2 comments

Anytime the site is loaded and there is -

  • a scroll event
  • a mouse pointer move event

the anon user session is set using a form submit.

Fixes #409.

iambibhas avatar Apr 03 '18 20:04 iambibhas

@iambibhas Here is how this is supposed to work.

First, we recognise three states for a user's identity:

  1. Unknown: We know nothing about this client. It's new, and it could be a bot or a user, but we don't know yet.
  2. Anon User: The client is behaving like a user using a browser, so we believe this is a human.
  3. User: The user has explicitly logged in.

When the user transitions from stage 2 to stage 3, we want to preserve their browsing history. This is why we do g.anon_user.user = g.user following which we set g.anon_user = None. The session is retained on the anon user account, because the browsing activity was anonymous, but we link the anon user account to the regular user account for future use (it's meant for keeping track of A/B test behaviour: if they were shown A or B before they logged in, we need to remember which one they were shown even after they logged in).

The transition from stage 1 to 2 is trickier. At stage 1, it could be a scraping bot causing a lot of traffic. We don't want to track session history for that, but we also don't want to lose the history of a client that turns out to be an anon user. Therefore:

  1. Assign a probe cookie session['au'] = uuid4() to every incoming request.
  2. Create a non-persistent EventSession and give it the same user id. Save it to Redis cache with a 5 minute timeout.
  3. When the anonsession API endpoint is called (previously, the sniffle endpoint), create an AnonUser account with the same userid, retrieve the session from cache, and now save it to the database.

A bot will also create a Redis EventSession entry, but it will be auto-discarded in five minutes.

jace avatar Apr 27 '18 07:04 jace

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar May 16 '22 15:05 CLAassistant