I need to send Measurement Protocol, but clietID cookie may not exist. ClientID is required parameter. What to do in this case? Generate it? In which way?
(I need to do in on PHP)
The clientId is used to tie up the session. You can post a dummy clientId as a UUID, but the event will be stored in a new session. Take a look at Client Id section within Measurement Protocol - more information on UUID can be found inside of A Universally Unique IDentifier (UUID) URN Namespace
If you are working with a User (as opposed to standard) View, the UserId can be used to tie multiple sessions together, providing the UserId (UID) matches
If anyone else have the problem that hits wont get registered, if cid is empty, I just found out that the docs are wrong:
Client ID: Optional. This field is required if User ID (uid) is not specified in the request.
cid is always required, even if uid is set. Otherwise the hit won't get registered.
Related
I'm wondering whether WebAuthN APIs can be used to identify an individual. Do any of the following hold
Can the authenticator ever return info about the individual e.g. First name, email etc
Will the authenticator always give us the same ID back for Alice when she uses this device regardless of which website I'm requesting from?
Will different devices ever give back the same ID for the same user?
Can the authenticator ever return info about the individual e.g. First name, email etc
It can if you set personally-identifying information to the value of user.id in the options you pass to navigator.credentials.create(). Also referred to as the "user handle", the spec includes a section specifically about how this value is one way the API can leak personally-identifying information if you're not careful what value you set user.id to.
Will the authenticator always give us the same ID back for Alice when she uses this device regardless of which website I'm requesting from?
The authenticator will not give back the same ID on every website. Every successful invocation of navigator.credentials.create() generates a unique credential bound to the website, meaning every website would have to use the same value for Alice's internal user ID for this to even have a chance of happening. And for any given website the authenticator only gives back the value of user.id (as passed into navigator.credentials.create()) as userHandle in the response from navigator.credentials.get() when Alice logs into that site.
Will different devices ever give back the same ID for the same user?
Different registered authenticators would give back the same ID for Alice provided you specify the same value for user.id whenever Alice registers an authenticator.
I would like to create a Google Calendar event with a URL having a predefined eventId, so that if user want to modify the event later I can redirect him to the Event using predefined eventId stored in database.
You can use the events.insert method as specified there: https://developers.google.com/calendar/v3/reference/events/insert
You can pass a custom Id on the requestBody of your query that you can use later, alongside your calendarId, to edit your event through the update or patch method.
Follow the guidelines when generating your custom Id:
Provided IDs must follow these rules:
characters allowed in the ID are those used in base32hex encoding, i.e. lowercase letters a-v and digits 0-9, see section 3.1.2 in
RFC2938
the length of the ID must be between 5 and 1024 characters
the ID must be unique per calendar
Due to the globally distributed nature of the system, we cannot guarantee that ID collisions will be detected at event creation time.
To minimize the risk of collisions we recommend using an established
UUID algorithm such as one described in RFC4122. -If you do not
specify an ID, it will be automatically generated by the server.
I have been trying to understand the concept behind google client id, set as fullvisitor id in BigQuery Export Schema
I know that to define a session, a unique combination of fullvisitorid and visitid has to be found.
However,I couldn't find a good explanation regarding how google defines this id, and how permanent it is across sessions.
Thank you very much!
I'm not sure about what you didn't understand, but the client id is generated on the user's browser when the GA script is initialised and stored in the cookie.
After that, every hit sent by that instance of the script [that has the cookie] will have the cid value as the client id.
When implementing GA you can also set that value yourself if you want. Although there are better ways for doing that.
Here's some documentation on the cid and here is how the session is defined (thus how the session id is derived during data collection)
The question is, next, gmp has the ability to pass payload, where the mandatory field is clientId. However, there is an additional UserId field. Sending requests for the Google Measurment Protocol is carried out from the server, and it is not possible to get the clientId to send a request for a number of factors. However, on the client side, it is possible to bind the clientId to the UserId (in the google tag manager). Hence the question is why do I need to pass the clientId to the mandatory field, if I can pass userId and the analyst in theory should match this userId with the client. Actually, how to be in this case, ie whether the google analytics really associate userId <-> clientId and what to transfer instead of clientId in queries.
ClientID field is mandatory but you should consider two options:
Storing the cliendID since this value is available client side on the _ga cookie.
If that is not possible you will need to generate a random clientID and use it along with the UserID.
The first one is the ideal one since non of you metrics will be affected but sometimes it is just not possible to do it. The second one will match the the clientIDs under a single UserID but only under userID views.
The key in this field is to use NI (non interaction) on your hits send by measurement protocol.
Example:
I made a pageview manually (Measurement protocol bit with interaction) with a UID X and later i send a transaction with another ClientID but the same UID.
Normal view:
UserID view:
hope it helps!
I'm building a simple web form which allows user to edit there data like email, emergency contact etc.
The edit form is rendered using Asp.NET MVC 5. Proper html fields are rendered for Id, email, emergency contact etc.
Lets say the request to save the data is received by the following controller method.
SaveData(recordId, email, emergencyContact)
{
;
}
Question: How do I make sure that recordId was indeed the id that was rendered as part of the edit form? We don't want this user to update another user's record.
I have the following options in mind
1. Create a hash of the record id and send the hash as well.
2. Ensure user is authorized to modify the record indicated in given record id.
Is there any other way? Does MVC 5 provide any features so that I don't have to put this sort of logic in my application logic?
Typical approaches are:
Store the ID of the record as a hidden field. If you are concerned with hijacking, encrypt the value and decrypt on the server.
Store the ID of the record in session; this way, you always pull back the record and keep the value on the server. But when session dies, so does the link to the record.
Yes I'd highly recommend check permissions to the record if you store the ID in the URL.