WP Statistics Does Not Work With A Cache

  • Resolved arronrouse

    (@arronrouse)


    2 years, 4 months ago

    Despite the nice help page about using a cache, WP Statistics v13.2.6 and earlier cannot work properly with a cache.

    Here’s the fundamental problem in v13.2.6 class-wp-statistics-frontend.php (lines 76-81)

    // Prepare Params
    $params = array_merge(array(
    ‘_’ => time(),
    ‘_wpnonce’ => wp_create_nonce(‘wp_rest’),
    Hits::$rest_hits_key => ‘yes’,
    ), self::set_default_params());

    When there is a cache, $params is hard-coded for every visitor. It means every visitor has the same time and nonce.

    To make those parameters different for each visitor, that code needs to be moved to class-wp-statistics-api-hit.php

    If the nonce is used more than once for a visitor, the visitor’s browser will need to get it from the API and set it as a cookie or something.

    • This topic was modified 2 years, 4 months ago by arronrouse.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Mostafa Soufi

    (@mostafas1990)

    Hi,

    Thank you for reporting the problem. Since the plugin does not store any data on cookies, we most-likely face a new problem due to GDPR. Any ideas? let’s talk

    Thread Starter arronrouse

    (@arronrouse)

    Hi Mostafa,
    I guess that means you’re using the nonce as a session id?

    It’s a bit of a hairball because a lot of the decision belongs with the site owner — your customer — and not with the end user — the site owner’s customer. My take is to give the site owner as much of the decision as you can or at least give them the information they need.

    The big problem here is you have no way to know if the site owner has asked the end user if cookies are allowed. Which means the options are:

    1. No cookie (nor localStorage nor sessionStorage)
    — do the fix I suggested above and generate a new nonce every time class-wp-statistics-api-hit.php gets a request
    — every visit will appear in the stats as a new visitor. On high-traffic sites that won’t matter so much. (Maybe the stats could be sorted by IP/agent?)
    — completely GDPR compliant

    2. Use a cookie (or localStorage or sessionStorage)
    — still needs the fix in the first post but with a check if the nonce exists
    — Make the site owner confirm they get end user permission to store stats cookies
    — completely GDPR compliant (because it’s the site owner who is liable not you)

    3. Use a server-side PHP session
    — I’m not a PHP dev so am not certain this would work
    — still needs the fix from the first post but with a lot more in class-wp-statistics-api-hit.php
    — completely GDPR compliant
    — would need the site owner to confirm PHP sessions are acceptable

    What would I do?
    I’d go with the 1. No Cookie option and put a friendly warning next to the Enable Cache setting in WP Statistics. Something to let the site owner know. It’s the simplest option, requires the least coding on your part and means useful stats are collected. If your users want something better, it gives you time to think.

    Hope this helps

    BTW, I really like the API route for recording the stats. If you’re maintaining two different sets of code to record hits, I’d focus on this one and steadily sunset the other one.

    Plugin Author Mostafa Soufi

    (@mostafas1990)

    Actually there are more parametes, such as referred, exclusion_match, exclusion_reason, track_all, current_page_type, current_page_type, search_query, page_uri

    Definitely, #1 would be the best way at the moment and I totally agree with you. Thanks for the detailed explanation and solution.

    Those parameters should be handled internally by API, instead of being passed on to the source, and I’m considering that.

    Thread Starter arronrouse

    (@arronrouse)

    Guessed there must be plenty of extra parameters, e.g. I didn’t see where the user agent was coming in.

    Speaking of user agent, a nice-to-have if you’re going with #1 would be for visits to be recorded as from the same visitor if there’s an IP/user agent match in the last 12 hours. That would be very little SQL and stop every visit being marked as a new visitor. But you probably already got that ??

    Plugin Author Mostafa Soufi

    (@mostafas1990)

    That’s right!

    The #1 works, but I’m not sure if the headless setup is compatible with the #1 since there is a new issue centered around this topic, and may be of interest to you!

    https://github.com/wp-statistics/wp-statistics/issues/396

    Thread Starter arronrouse

    (@arronrouse)

    Maybe it’s a remnant of the weekend but the new issue is not clicking with me — as in I don’t get it, what’s the issue? (No need to explain unless you think I can help somehow.)

    I don’t think the API needs to be completely headless, just that it needs to generate the server-side variables. Remember most of the variables will cache correctly. E.g. exclusion_match and exclusion_reason should be fine because the cached file will generate for the first visitor — logged in users normally bypass the cache. The only concern would be if you have code to exclude robots/spiders.

    Plugin Author Mostafa Soufi

    (@mostafas1990)

    That’s true, the below parameters are removed as well:

    – _wpnonce
    – page_uri
    – time
    – referred

    https://github.com/wp-statistics/wp-statistics/commit/a474f62b39cf6588283fe3a54af359eb646532eb
    https://github.com/wp-statistics/wp-statistics/commit/01a17d9375f1ce3fbf7b690a47b16e188c8f82d9

    Thread Starter arronrouse

    (@arronrouse)

    Problems seem to be fixed in v13.2.8 — WP Statistics now seems to work properly with WP Super Cache and the code looks like it should work with all other caches too.

    Thanks Mostafa ??

    Plugin Author Mostafa Soufi

    (@mostafas1990)

    That sounds great, and I’m glad to hear it! I appreciate your notifying me and your patience.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WP Statistics Does Not Work With A Cache’ is closed to new replies.