Serialize new session cookie synchronously to avoid overlapping sessions (close #1381)

PR #1382

Author: matus-tomlein

common/changes/@snowplow/browser-tracker-core/issue-duplicate_sessions_2024-11-18-13-57.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@snowplow/browser-tracker-core",
+      "comment": "Serialize new session cookie synchronously to avoid overlapping sessions (#1381)",
+      "type": "none"
+    }
+  ],
+  "packageName": "@snowplow/browser-tracker-core"
+}

common/changes/@snowplow/javascript-tracker/issue-duplicate_sessions_2024-11-18-13-57.json

@@ -0,0 +1,10 @@
+{
+  "changes": [
+    {
+      "packageName": "@snowplow/javascript-tracker",
+      "comment": "Serialize new session cookie synchronously to avoid overlapping sessions (#1381)",
+      "type": "none"
+    }
+  ],
+  "packageName": "@snowplow/javascript-tracker"
+}

common/config/rush/pnpm-lock.yaml

@@ -1,5 +1,5 @@
 // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush.
 {
-  "pnpmShrinkwrapHash": "6693fc661ad5b6461d8a0fbbecf81c5f61d703bb",
+  "pnpmShrinkwrapHash": "77e8d084b2ff087ff8f5dfa5df436f42dbaa623c",
   "preferredVersionsHash": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f"
 }

common/config/rush/repo-state.json

@@ -44,18 +44,18 @@ export interface CookieStorage {
    * @param secure - Boolean to specify if cookie should be secure
    */
   deleteCookie(name: string, path?: string, domainName?: string, sameSite?: string, secure?: boolean): void;
+
+  /**
+   * Write all pending cookies.
+   */
+  flush(): void;
 }
 
 export interface AsyncCookieStorage extends CookieStorage {
   /**
    * Clear the cookie storage cache (does not delete any cookies)
    */
   clearCache(): void;
-
-  /**
-   * Write all pending cookies.
-   */
-  flush(): void;
 }
 
 interface Cookie {
@@ -203,5 +203,6 @@ export const syncCookieStorage: CookieStorage = {
     cookie(name, value, ttl, path, domain, samesite, secure);
     return document.cookie.indexOf(`${name}=`) !== -1;
   },
-  deleteCookie
+  deleteCookie,
+  flush: () => {},
 };

libraries/browser-tracker-core/src/tracker/cookie_storage.ts

@@ -701,6 +701,11 @@ export function Tracker(
         // Update currentVisitTs
         updateNowTsInIdCookie(idCookie);
         setDomainUserIdCookie(idCookie);
+
+        if (!eventIndexFromIdCookie(idCookie)) {
+          // Synchronously update the cookies to persist the new session ASAP
+          cookieStorage.flush();
+        }
       }
     }
 
@@ -920,6 +925,9 @@ export function Tracker(
               onSessionUpdateCallback &&
               !manualSessionUpdateCalled
             ) {
+              // Synchronously update the cookies to persist the new session ASAP
+              cookieStorage.flush();
+
               onSessionUpdateCallback(clientSession);
               manualSessionUpdateCalled = false;
             }
@@ -969,6 +977,10 @@ export function Tracker(
         const clientSession = clientSessionFromIdCookie(idCookie, configStateStorageStrategy, configAnonymousTracking);
         setDomainUserIdCookie(idCookie);
         const sessionIdentifierPersisted = setSessionCookie();
+
+        // Synchronously update the cookies to persist the new session ASAP
+        cookieStorage.flush();
+
         if (sessionIdentifierPersisted && onSessionUpdateCallback) {
           manualSessionUpdateCalled = true;
           onSessionUpdateCallback(clientSession);

libraries/browser-tracker-core/src/tracker/index.ts

@@ -75,8 +75,12 @@ export function createTestSessionIdCookie(params?: CreateTestSessionIdCookie) {
   return `_sp_ses.${domainHash}=*; Expires=; Path=/; SameSite=Lax; Secure;`;
 }
 
-export function createTracker(configuration?: TrackerConfiguration, sharedState?: SharedState) {
+export function createTracker(
+  configuration?: TrackerConfiguration,
+  sharedState?: SharedState,
+  syncCookieWrite: boolean = true
+) {
   let id = 'sp-' + Math.random();
-  configuration = { ...configuration, synchronousCookieWrite: true };
+  configuration = { ...configuration, synchronousCookieWrite: syncCookieWrite };
   return addTracker(id, id, '', '', sharedState ?? new SharedState(), configuration);
 }

libraries/browser-tracker-core/test/helpers/index.ts

@@ -57,6 +57,15 @@ describe('Tracker API: ', () => {
     jest.clearAllMocks();
   });
 
+  it('Writes cookies synchronously on session change', () => {
+    const tracker = createTracker(undefined, undefined, false); // async cookie writes enabled
+
+    expect(cookieJar).toContain('_sp_ses');
+
+    tracker?.newSession();
+    expect(cookieJar).toContain(tracker?.getDomainUserInfo().slice(1).join('.'));
+  });
+
   it('Sets initial domain session index on first session', () => {
     const tracker = createTracker();
 

libraries/browser-tracker-core/test/tracker/session_data.test.ts

@@ -87,7 +87,7 @@
     "@wdio/static-server-service": "~8.39.0",
     "@wdio/types": "~8.39.0",
     "chalk": "4.1.2",
-    "chromedriver": "~129.0.0",
+    "chromedriver": "~131.0.0",
     "dockerode": "~3.3.1",
     "jest": "~27.5.1",
     "jest-environment-jsdom": "~27.5.1",

trackers/javascript-tracker/package.json

@@ -0,0 +1,24 @@
+import { fetchResults } from '../micro';
+import { pageSetup } from './helpers';
+
+describe('Tracker created domain cookies across multiple pages', () => {
+  let log: Array<unknown> = [];
+  let testIdentifier = '';
+
+  beforeAll(async () => {
+    testIdentifier = await pageSetup();
+    await browser.url('/multi_page_cookies');
+    await browser.pause(5000);
+
+    log = await browser.call(async () => await fetchResults());
+    log = log.filter((ev) => (ev as any).event.app_id === 'cookies-iframe-' + testIdentifier);
+  });
+
+  it('all events should have the same session id', () => {
+    expect(log.length).toBeGreaterThanOrEqual(15);
+
+    const sessionIds = log.map((ev) => (ev as any).event.domain_sessionid);
+    const uniqueSessionIds = Array.from(new Set(sessionIds));
+    expect(uniqueSessionIds.length).toBe(1);
+  });
+});