HTTP Tracking API behaviour with incorrect token_auth

I’ve been testing piwik on a virtual machine by feeding data through the tracking API. Yesterday after the upgrade my admin user was logged out and since I did not remember the password I used the “forgot password” functionality to reset it.

I don’t know if it was due to the upgrade or due to resetting password, but it seems the token_auth value changed. This seemed a bit strange as I did not see any mention about it in change logs or in the dialogues for setting password (ok, there was a mention actually in the mail), but even stranger is the behaviour that followed.

I sent a few hundred thousand events to the system and got no errors, however I could not see any of the events from the UI. I saw that they had been stored in the database. I deleted the data and tried again, but once again I could not find the events… After switching to 1 year view I noticed that all the events had actually been set to current time.

I understand that current time is used by default, but what seems strange is that I was attempting to set cdt, cip, country and region values and provided a token_auth that was incorrect. With INFO loglevel there was nothing in logs that would indicate an issue and each request returned status 200. Luckily this is test data that is easy to wipe, but is this really the way it’s supposed to work or some regression?

edit: I noticed there was actually a mention of this in the email. Reason I missed it was that the virtual machine I’m testing with does not have access to an SMTP server so I was reading the password reset mail from /var/spool/mail/… on the command line. Still, one would expect either ignoring events that attempt to set cdt with an incorrect token or logging some kind of warning on the server.

Hello, thanks for the feedback. we can likely make things better here as you point out (ie. better logging when errors/warnings occurs in tracker). could you please create an issue on our tracker: Issues · piwik/piwik · GitHub and if you can, even create a pull request would be welcome!

Thanks for the reply, I created an issue

I’ll see if there are any comments on the ticket. For logging / dropping I could probably do a pull request if needed, but since what I feel would be the correct way to handle it is quite different from how it works now I’ll see what the sentiment is first (and I’m not familiar with PHP though I don’t expect that would be a problem).