[!!!][FEATURE] Enrich fingerprint hash with IP address

Tracking purely based on device fingerprinting lead to some issues, namely mobile browsers working more towards sandboxing requests so that device hashes end up being the same across the same line of devices. This makes individual tracking unreliable and in the case of Lux leads to some leads that contain several different people in them. This change enriches the fingerprint with the users IP address and hashes it again, leading to a more unique identification value. Negative impact of this change: * (BREAKING) Previously identified users can't be identified anymore, as the calculated fingerprint value has changed. * Compared to before, we now create _more_ unique users than before, as IP addresses (usually) change on the regular for home connections or when switching wi-fi/cellular networks. Related: https://projekte.in2code.de/issues/67221
in2code-de · Oct 15, 2024 · 7d3cd72 · 7d3cd72 · Mabahe · Nov 14, 2024
1 parent 2358785
commit 7d3cd72
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Classes/Domain/Model/Fingerprint.php b/Classes/Domain/Model/Fingerprint.php
@@ -7,6 +7,7 @@
 use In2code\Lux\Exception\FingerprintMustNotBeEmptyException;
 use In2code\Lux\Utility\BackendUtility;
 use In2code\Lux\Utility\EnvironmentUtility;
+use In2code\Lux\Utility\IpUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use WhichBrowser\Parser;
 
@@ -52,7 +53,7 @@ public function setValue(string $value): self
         if (strlen($value) === 33) {
             $this->setType(self::TYPE_STORAGE);
         }
-        $this->value = $value;
+        $this->value = hash('sha256', $value . IpUtility::getIpAddress());
         return $this;
     }