From 7d3cd72db5c23839c750f79cc78ff7bdd3effb4f Mon Sep 17 00:00:00 2001 From: Andreas Nedbal Date: Tue, 15 Oct 2024 14:36:10 +0200 Subject: [PATCH] [!!!][FEATURE] Enrich fingerprint hash with IP address Tracking purely based on device fingerprinting lead to some issues, namely mobile browsers working more towards sandboxing requests so that device hashes end up being the same across the same line of devices. This makes individual tracking unreliable and in the case of Lux leads to some leads that contain several different people in them. This change enriches the fingerprint with the users IP address and hashes it again, leading to a more unique identification value. Negative impact of this change: * (BREAKING) Previously identified users can't be identified anymore, as the calculated fingerprint value has changed. * Compared to before, we now create _more_ unique users than before, as IP addresses (usually) change on the regular for home connections or when switching wi-fi/cellular networks. Related: https://projekte.in2code.de/issues/67221 --- Classes/Domain/Model/Fingerprint.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Classes/Domain/Model/Fingerprint.php b/Classes/Domain/Model/Fingerprint.php index e99f4a00..e09d57f9 100644 --- a/Classes/Domain/Model/Fingerprint.php +++ b/Classes/Domain/Model/Fingerprint.php @@ -7,6 +7,7 @@ use In2code\Lux\Exception\FingerprintMustNotBeEmptyException; use In2code\Lux\Utility\BackendUtility; use In2code\Lux\Utility\EnvironmentUtility; +use In2code\Lux\Utility\IpUtility; use TYPO3\CMS\Core\Utility\GeneralUtility; use WhichBrowser\Parser; @@ -52,7 +53,7 @@ public function setValue(string $value): self if (strlen($value) === 33) { $this->setType(self::TYPE_STORAGE); } - $this->value = $value; + $this->value = hash('sha256', $value . IpUtility::getIpAddress()); return $this; }