@mattab opened this Issue on November 21st 2016 Owner

-> when token_auth is invalid (or not set) and cdt is set with an old timestamp that require authentication, we should skip tracking the request instead of tracking it with the "current datetime".

Context

Currently one can override the request datetime in a Tracking API request by setting cdt parameter. see documentation: http://developer.piwik.org/api-reference/tracking-api#other-parameters-require-authentication-via-token_auth

As discussed in https://github.com/piwik/piwik/issues/9939 when the token_auth is not correct, currently the request is tracked using the current date time. This actually create invalid data and hard to detect the issue (ie. many requests could be tracked at once when a device comes online and old data tracked).

@tsteur commented on November 21st 2016 Owner

Ideally we also need to make it configurable re how far in the back it is possible to track without needing token. Maybe we could also change default value from 4 hours to 24 hours?

@mattab commented on November 21st 2016 Owner

+1 (configurable + default to 24 hours)

This Issue was closed on December 1st 2016
Powered by GitHub Issue Mirror