Same UserId Being Reused By Different Anonymous Sessions

For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
Post Reply
nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Same UserId Being Reused By Different Anonymous Sessions

Post by nethrelm » Wed Nov 06, 2019 2:33 pm

So I've run into this several times over the past few years and it was strange but never caused a real "problem" for us until recently. What seems to be happening is that, sometimes, a given UserId will get assigned to an anonymous visitor, and that same UserId will also get assigned to a different anonymous visitor, so when you review the ac_PageViews table you will see a bunch of records that have the same UserId, but different IP Addresses, User Agents, etc. Further, this only seems to happen on the initial request. If a subsequent request is made during the same session a new UserId is issued, which you can see in the attached screen shot from SSMS where I've queried the ac_PageViews table. The two records with black boxes around them are me making two requests. The first request I have the same UserId as all the other anonymous requests (you can see clearly that virtually every record has the same UserId, but they are all different IPs), but then on the very next request I now have a unique UserId.

I am assuming right now that this is the result of a collision caused by two requests coming in at the same time, but then for some reason it keeps reusing the same ID over and over, only issuing a new one when a session makes more than one request. I am assuming this because I haven't been able to reproduce the behavior on my development machine, but it happens on the live server where many, many more requests are being handled at once. Any idea what's going on here, how to fix it, and more importantly: am I going to run into this same problem in the new version (AC9)?

Edit: Attaching the image didn't work. I'm including it here, linked to my google drive instead:
https://drive.google.com/open?id=19ofOs ... 73Sgp5tBwN

Edit 2: Not sure what I was thinking, but it turns out this is actually very easy to reproduce even locally. Just use an incognito (or guest) window. So, basically any time you don't already have cookie information, this is what happens. Possibly an NHibernate caching issue?

User avatar
Shopping Cart Admin
AbleCommerce Admin
AbleCommerce Admin
Posts: 3055
Joined: Mon Dec 01, 2003 8:41 pm
Location: Vancouver, WA
Contact:

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by Shopping Cart Admin » Wed Nov 13, 2019 7:06 pm

It's working as intended. We didn't want to load up the user table with millions of records due to spiders and bots.
Thanks for your support

Shopping Cart Guru
AbleCommerce.com
Follow us on Facebook

nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by nethrelm » Thu Nov 14, 2019 12:20 pm

Okay, but I need to be able to change this behavior. I need to respond to the first request from a user accurately and I can't do that when the user data is some crazy amalgamation of various random visitors. My understanding after talking to Katie (who pointed me to another thread discussing this) is that it has to do with some bot detection code? Can't I disable/change that, or is it in the Licensing library? I don't care about the users table getting bloated -- that's what anonymous user maintenance is for. The solution in the thread she pointed me to doesn't address my issue, it only resolves the issue of first time visitors sharing the same basket. I have a bigger problem than that. I can get into the details if you want, but basically it has to do with Affiliates getting assigned to this "default" account that gets used on the first request, and me needing to accurately detect an affiliate visitor on their first request. You should be able to see the problem here. Garbage in, garbage out.

User avatar
mazhar
Master Yoda
Master Yoda
Posts: 5084
Joined: Wed Jul 09, 2008 8:21 am
Contact:

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by mazhar » Mon Nov 18, 2019 4:46 am

The code is in WebUserLocator class under CommerceBuilder project. Check its Locate method and see the code comments.

nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by nethrelm » Mon Nov 18, 2019 1:06 pm

Thank you mazhar, I appreciate that. Can you tell me if the code in WebUserLocator was changed between CommerceBulder version 7.86.5078.20807 (this is the version of the source code I have), and CommerceBuilder version 7.92.6513.13166 (this is the version we are actually running)? The reason I ask is that when I created a CustomUserLocator -- which to start off with contained the existing code from the older 7.86 version of WebUserLocator -- and registered it with the windsor.config and started running tests, it no longer seems to be reusing the same user account when I make new incognito/guest window (i.e., cookieless and anonymous) requests; looking at the code I don't see why it would, and I don't see any mention of bot detection or similar in any of the comments. I want to make sure that the code is actually different between the versions (I've had the 7.92 code behave normally before... temporarily), and also that I'm not missing something else from one of the updates in between the versions that might be important to me. Thanks again.

User avatar
Katie
AbleCommerce Admin
AbleCommerce Admin
Posts: 2651
Joined: Tue Dec 02, 2003 1:54 am
Contact:

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by Katie » Fri Nov 22, 2019 5:25 pm

There was one update made on Oct. 26, 2016 to fix issue (ID AC8-3234) Affiliate not getting associate with user.

This was made part of the Gold R12 SR2 and is likely what you are trying to fix for your build.

If you have kept your subscription current, then you can get all versions of the source code that we have available. This should make it easy for you to find the differences between Gold R8 and R12..

Thanks
Katie
Thank you for choosing AbleCommerce!

http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support

nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by nethrelm » Fri Nov 22, 2019 6:37 pm

Katie,

Our Source Code subscription expired on 5/7/2018, but I never got updated Source Code entries in my Downloads area for my account even while it was active. Any time I needed them I had to get someone on the phone and they eventually provided them. I don't know why they didn't just automatically show up in my Downloads, but they didn't. I don't suppose I can get the updated code anyway since I should have had it a long time ago?

User avatar
Katie
AbleCommerce Admin
AbleCommerce Admin
Posts: 2651
Joined: Tue Dec 02, 2003 1:54 am
Contact:

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by Katie » Sat Nov 23, 2019 7:48 am

What is the domain the source code is licensed to?
Thank you for choosing AbleCommerce!

http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support

nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Re: Same UserId Being Reused By Different Anonymous Sessions

Post by nethrelm » Mon Nov 25, 2019 12:07 pm

www.onlinescuba.com
Also, the order number was 30833.

Post Reply