Use cookie for anonymous user ID instead of localStorage (#15912)

2026-02-06 17:31:43 +00:00 · 2020-11-20 23:52:02 +01:00 · 2020-11-20 23:52:02 +01:00 · 56ccaf4fe8
commit 56ccaf4fe8
parent a77c221a55
4 changed files with 39 additions and 17 deletions
--- a/client/web/src/tracking/eventLogger.ts
+++ b/client/web/src/tracking/eventLogger.ts
@ -2,13 +2,14 @@ import * as uuid from 'uuid'
 import { TelemetryService } from '../../../shared/src/telemetry/telemetryService'
 import { browserExtensionMessageReceived, handleQueryEvents, pageViewQueryParameters } from './analyticsUtils'
 import { serverAdmin } from './services/serverAdminWrapper'
+import cookies from 'js-cookie'

-const uidKey = 'sourcegraphAnonymousUid'
+const ANONYMOUS_USER_ID_KEY = 'sourcegraphAnonymousUid'

 export class EventLogger implements TelemetryService {
    private hasStrippedQueryParameters = false

-    private anonUid?: string
+    private anonymousUserId?: string

    constructor() {
        // EventLogger is never teared down
@ -66,18 +67,25 @@ export class EventLogger implements TelemetryService {
     * on a Sourcegraph instance to see a count of unique users on a daily,
     * weekly, and monthly basis).
     */
-    public getAnonUserID(): string {
-        if (this.anonUid) {
-            return this.anonUid
+    public getAnonymousUserID(): string {
+        let anonymousUserId =
+            this.anonymousUserId || cookies.get(ANONYMOUS_USER_ID_KEY) || localStorage.getItem(ANONYMOUS_USER_ID_KEY)
+        if (!anonymousUserId) {
+            anonymousUserId = uuid.v4()
        }
-
-        let id = localStorage.getItem(uidKey)
-        if (id === null || id === '') {
-            id = uuid.v4()
-            localStorage.setItem(uidKey, id)
-        }
-        this.anonUid = id
-        return this.anonUid
+        // Use cookies instead of localStorage so that the ID can be shared with subdomains (about.sourcegraph.com).
+        // Always set to renew expiry and migrate from localStorage
+        cookies.set(ANONYMOUS_USER_ID_KEY, anonymousUserId, {
+            // 365 days expiry, but renewed on activity.
+            expires: 365,
+            // Enforce HTTPS
+            secure: true,
+            // We only read the cookie with JS so we don't need to send it cross-site nor on initial page requests.
+            sameSite: 'Strict',
+        })
+        localStorage.removeItem(ANONYMOUS_USER_ID_KEY)
+        this.anonymousUserId = anonymousUserId
+        return anonymousUserId
    }
 }

--- a/client/web/src/user/settings/backend.tsx
+++ b/client/web/src/user/settings/backend.tsx
@ -71,7 +71,7 @@ export function logUserEvent(event: UserEvent): void {
                }
            }
        `,
-        { event, userCookieID: eventLogger.getAnonUserID() }
+        { event, userCookieID: eventLogger.getAnonymousUserID() }
    )
        .pipe(
            map(({ data, errors }) => {
@ -109,7 +109,7 @@ export function logEvent(event: string, eventProperties?: any): void {
        `,
        {
            event,
-            userCookieID: eventLogger.getAnonUserID(),
+            userCookieID: eventLogger.getAnonymousUserID(),
            url: window.location.href,
            source: EventSource.WEB,
            argument: eventProperties && JSON.stringify(eventProperties),
--- a/package.json
+++ b/package.json
@ -127,6 +127,7 @@
    "@types/highlight.js": "9.12.4",
    "@types/is-absolute-url": "3.0.0",
    "@types/jest": "26.0.15",
+    "@types/js-cookie": "^2.2.6",
    "@types/jsdom": "12.2.4",
    "@types/lodash": "4.14.165",
    "@types/marked": "1.1.0",
@ -286,6 +287,7 @@
    "highlightjs-graphql": "^1.0.1",
    "is-absolute-url": "^3.0.3",
    "iterare": "^1.2.1",
+    "js-cookie": "^2.2.1",
    "lodash": "^4.17.20",
    "marked": "^1.1.1",
    "mdi-react": "^7.3.0",
--- a/yarn.lock
+++ b/yarn.lock
@ -2804,7 +2804,8 @@
  integrity sha512-KWxkyphmlwam8kfYPSmoitKQRMGQCsr1ZRmNZgijT7ABKaVyk/+I5ezt2J213tM04Hi0vyg4L7iH1VCkNvm2Jw==

 "@sourcegraph/extension-api-types@link:client/packages/@sourcegraph/extension-api-types":
-  version "2.1.0"
+  version "0.0.0"
+  uid ""

 "@sourcegraph/prettierrc@^3.0.3":
  version "3.0.3"
@ -4025,6 +4026,11 @@
    jest-diff "^25.2.1"
    pretty-format "^25.2.1"

+"@types/js-cookie@^2.2.6":
+  version "2.2.6"
+  resolved "https://registry.npmjs.org/@types/js-cookie/-/js-cookie-2.2.6.tgz#f1a1cb35aff47bc5cfb05cb0c441ca91e914c26f"
+  integrity sha512-+oY0FDTO2GYKEV0YPvSshGq9t7YozVkgvXLty7zogQNuCxBhT9/3INX9Q7H1aRZ4SUDRXAKlJuA4EA5nTt7SNw==
+
 "@types/js-yaml@^3.11.2", "@types/js-yaml@^3.12.5":
  version "3.12.5"
  resolved "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.5.tgz#136d5e6a57a931e1cce6f9d8126aa98a9c92a6bb"
@ -14119,6 +14125,11 @@ jetpack-id@1.0.0:
  resolved "https://registry.npmjs.org/jetpack-id/-/jetpack-id-1.0.0.tgz#2cf9fbae46d8074fc16b7de0071c8efebca473a6"
  integrity sha1-LPn7rkbYB0/Ba33gBxyO/rykc6Y=

+js-cookie@^2.2.1:
+  version "2.2.1"
+  resolved "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.1.tgz#69e106dc5d5806894562902aa5baec3744e9b2b8"
+  integrity sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==
+
 js-select@~0.6.0:
  version "0.6.0"
  resolved "https://registry.npmjs.org/js-select/-/js-select-0.6.0.tgz#c284e22824d5927aec962dcdf247174aefb0d190"
@ -20959,7 +20970,8 @@ sourcegraph@^24.0.0:
  integrity sha512-PlGvkdBy5r5iHdKAVNY/jsPgWb3oY+2iAdIQ3qR83UHhvBFVgoctDAnyfJ1eMstENY3etBWtAJ8Kleoar3ecaA==

 "sourcegraph@link:client/packages/sourcegraph-extension-api":
-  version "24.7.0"
+  version "0.0.0"
+  uid ""

 space-separated-tokens@^1.0.0:
  version "1.1.2"