mbuzz 0.6.8 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f4cc2a9e5dd77624d8c645e32752658da3ba5ce9464ade31c55571c96abd060
-  data.tar.gz: c26d4c8262ba89782b429e685d082c38688dea435ecb35cfb861ec7c97173b3b
+  metadata.gz: eb41261b9e19c46609f4e7a8867d73b5a902acecc3db3362b4a47e2cacefa9db
+  data.tar.gz: ce644b10fa63055065960bb72a61eb53077d4bbe110eac40ed5bd6918d2487c1
 SHA512:
-  metadata.gz: 28ad02efc0768a343e259f7beb5828974fc8c818073f46e2f37d36b85e813806f158d66a3d2890aa208ba501b2236c06e863201b4297d3c4266f404cf138eabd
-  data.tar.gz: c410f3fa9c054560f14578c5618af4735359a793b63ecf3435e33653eeaa7ad13624003d9e00ca874660443ed1eb32bbec63ba2c40ec6a4ca45866b6263dc6e5
+  metadata.gz: 03bed0944d6ee7286e4f002d05032c8ced19d013da1dae69d429046b1ebad510cae67510d48d9af53fac8a8832a1a1495657c6b671a16976fabb5eb8ec316f3d
+  data.tar.gz: 4a0693caaa53219fbf4368c1b194722889c516e88eea6f7bfe781f7a44293659977e6691901f238f45ef66f08f367d674c2f22e6f8a63e22f3326368e6ae8f10

data/CHANGELOG.md

@@ -5,6 +5,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.7.0] - 2026-01-09
+
+### Breaking Changes
+
+- **Session cookie removed** - SDK no longer sets or reads `_mbuzz_sid` cookie
+- **Session ID generation removed** - Server handles all session resolution
+- **`Mbuzz.session_id` removed** - Use server-side session resolution instead
+- **`Mbuzz::Client.session()` removed** - Sessions are created server-side
+- **`session_id` parameter removed from `Client.track()`** - Not needed with server-side resolution
+
+### Added
+
+- **Cross-device identity resolution** - New `identifier` parameter for linking sessions across devices
+  - `Mbuzz.event("page_view", identifier: { email: "user@example.com" })`
+  - `Mbuzz.conversion("purchase", identifier: { email: "user@example.com" })`
+- **Conversion fingerprint fallback** - `ip` and `user_agent` parameters on `Client.conversion()`
+  - When visitor_id is not found, server can find visitor via recent session with same fingerprint
+
+### Changed
+
+- **Simplified middleware** - Only manages visitor cookie (`_mbuzz_vid`), no session handling
+- **Server-side session resolution** - All session creation and resolution happens on the API server
+  - Enables true 30-minute sliding windows (vs fixed time buckets)
+  - Eliminates duplicate visitor problem from concurrent Turbo/Hotwire requests
+  - Better cross-device tracking with identity resolution
+
+### Migration Guide
+
+1. Remove any code that reads `Mbuzz.session_id` or `_mbuzz_sid` cookie
+2. Remove any calls to `Mbuzz::Client.session()`
+3. Ensure `ip` and `user_agent` are passed to track/conversion calls (handled automatically if using middleware)
+4. Optionally add `identifier` parameter for cross-device tracking
+
 ## [0.6.8] - 2025-12-30
 
 ### Added

data/README.md

@@ -121,6 +121,63 @@ Mbuzz.user_id     # Current user ID (from session["user_id"])
 Mbuzz.session_id  # Current session ID (from cookie)
 ```
 
+## Background Jobs
+
+When tracking from background jobs (Sidekiq, GoodJob, etc.), there's no HTTP request context. Rails 7+ handles this automatically via `CurrentAttributes`.
+
+### Rails 7+ (Automatic)
+
+mbuzz uses `ActiveSupport::CurrentAttributes` which Rails automatically serializes into ActiveJob payloads:
+
+```ruby
+# In your controller - just enqueue the job
+class OrdersController < ApplicationController
+  def create
+    @order = Order.create!(order_params)
+    ProcessOrderJob.perform_later(@order.id)
+    # visitor_id is automatically captured and passed to the job
+  end
+end
+
+# In your job - mbuzz just works!
+class ProcessOrderJob < ApplicationJob
+  def perform(order_id)
+    order = Order.find(order_id)
+    # Mbuzz::Current.visitor_id was restored by Rails
+    Mbuzz.conversion("purchase", revenue: order.total)
+  end
+end
+```
+
+**How it works:**
+1. Middleware captures `visitor_id` from cookie into `Mbuzz::Current`
+2. Controller enqueues job
+3. Rails serializes `Mbuzz::Current` into job payload
+4. Job runs → Rails restores `Mbuzz::Current`
+5. `Mbuzz.conversion()` reads from `Current` - works!
+
+### Alternative: Explicit visitor_id
+
+For non-Rails apps or when you need more control:
+
+```ruby
+# Store visitor_id on your model
+class Order < ApplicationRecord
+  before_create { self.mbuzz_visitor_id = Mbuzz.visitor_id }
+end
+
+# Pass explicitly in background job
+class ProcessOrderJob
+  def perform(order_id)
+    order = Order.find(order_id)
+    Mbuzz.conversion("purchase",
+      visitor_id: order.mbuzz_visitor_id,  # Explicit
+      revenue: order.total
+    )
+  end
+end
+```
+
 ## Rack / Sinatra Integration
 
 For non-Rails apps, add the middleware manually:

data/lib/mbuzz/client/conversion_request.rb

@@ -3,7 +3,7 @@
 module Mbuzz
   class Client
     class ConversionRequest
-      def initialize(event_id:, visitor_id:, user_id:, conversion_type:, revenue:, currency:, is_acquisition:, inherit_acquisition:, properties:)
+      def initialize(event_id:, visitor_id:, user_id:, conversion_type:, revenue:, currency:, is_acquisition:, inherit_acquisition:, properties:, ip: nil, user_agent: nil, identifier: nil)
         @event_id = event_id
         @visitor_id = visitor_id
         @user_id = user_id
@@ -13,6 +13,9 @@ module Mbuzz
         @is_acquisition = is_acquisition
         @inherit_acquisition = inherit_acquisition
         @properties = properties
+        @ip = ip
+        @user_agent = user_agent
+        @identifier = identifier
       end
 
       def call
@@ -51,6 +54,7 @@ module Mbuzz
         base_payload
           .merge(optional_identifiers)
           .merge(optional_acquisition_fields)
+          .merge(fingerprint_fields)
       end
 
       def base_payload
@@ -78,6 +82,14 @@ module Mbuzz
         end
       end
 
+      def fingerprint_fields
+        {}.tap do |h|
+          h[:ip] = @ip if @ip
+          h[:user_agent] = @user_agent if @user_agent
+          h[:identifier] = @identifier if @identifier
+        end
+      end
+
       def present?(value) = value && !value.to_s.strip.empty?
       def hash?(value) = value.is_a?(Hash)
     end

data/lib/mbuzz/client/track_request.rb

@@ -3,14 +3,14 @@
 module Mbuzz
   class Client
     class TrackRequest
-      def initialize(user_id, visitor_id, session_id, event_type, properties, ip = nil, user_agent = nil)
+      def initialize(user_id, visitor_id, event_type, properties, ip = nil, user_agent = nil, identifier = nil)
         @user_id = user_id
         @visitor_id = visitor_id
-        @session_id = session_id
         @event_type = event_type
         @properties = properties
         @ip = ip
         @user_agent = user_agent
+        @identifier = identifier
       end
 
       def call
@@ -38,11 +38,11 @@ module Mbuzz
         {
           user_id: @user_id,
           visitor_id: @visitor_id,
-          session_id: @session_id,
           event_type: @event_type,
           properties: @properties,
           ip: @ip,
           user_agent: @user_agent,
+          identifier: @identifier,
           timestamp: Time.now.utc.iso8601
         }.compact
       end

data/lib/mbuzz/client.rb

@@ -3,19 +3,18 @@
 require_relative "client/track_request"
 require_relative "client/identify_request"
 require_relative "client/conversion_request"
-require_relative "client/session_request"
 
 module Mbuzz
   class Client
-    def self.track(user_id: nil, visitor_id: nil, session_id: nil, event_type:, properties: {}, ip: nil, user_agent: nil)
-      TrackRequest.new(user_id, visitor_id, session_id, event_type, properties, ip, user_agent).call
+    def self.track(user_id: nil, visitor_id: nil, event_type:, properties: {}, ip: nil, user_agent: nil, identifier: nil)
+      TrackRequest.new(user_id, visitor_id, event_type, properties, ip, user_agent, identifier).call
     end
 
     def self.identify(user_id:, visitor_id: nil, traits: {})
       IdentifyRequest.new(user_id, visitor_id, traits).call
     end
 
-    def self.conversion(event_id: nil, visitor_id: nil, user_id: nil, conversion_type:, revenue: nil, currency: "USD", is_acquisition: false, inherit_acquisition: false, properties: {})
+    def self.conversion(event_id: nil, visitor_id: nil, user_id: nil, conversion_type:, revenue: nil, currency: "USD", is_acquisition: false, inherit_acquisition: false, properties: {}, ip: nil, user_agent: nil, identifier: nil)
       ConversionRequest.new(
         event_id: event_id,
         visitor_id: visitor_id,
@@ -25,12 +24,11 @@ module Mbuzz
         currency: currency,
         is_acquisition: is_acquisition,
         inherit_acquisition: inherit_acquisition,
-        properties: properties
+        properties: properties,
+        ip: ip,
+        user_agent: user_agent,
+        identifier: identifier
       ).call
     end
-
-    def self.session(visitor_id:, session_id:, url:, referrer: nil, started_at: nil)
-      SessionRequest.new(visitor_id, session_id, url, referrer, started_at).call
-    end
   end
 end

data/lib/mbuzz/controller_helpers.rb

@@ -26,9 +26,5 @@ module Mbuzz
     def mbuzz_visitor_id
       request.env[ENV_VISITOR_ID_KEY]
     end
-
-    def mbuzz_session_id
-      request.env[ENV_SESSION_ID_KEY]
-    end
   end
 end

data/lib/mbuzz/current.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Mbuzz
+  # CurrentAttributes for automatic background job context propagation.
+  #
+  # Rails automatically serializes CurrentAttributes into ActiveJob payloads
+  # and restores them when jobs execute. This means visitor_id captured during
+  # the original request is available in background jobs without any manual
+  # passing or database storage.
+  #
+  # How it works:
+  #   1. Middleware captures visitor_id from cookie
+  #   2. Stores in Mbuzz::Current.visitor_id
+  #   3. Controller enqueues background job
+  #   4. Rails serializes Current attributes into job payload
+  #   5. Job runs on different thread/process
+  #   6. Rails restores Current.visitor_id before job executes
+  #   7. Mbuzz.event/conversion reads from Current.visitor_id
+  #
+  # This is why customers don't need to store visitor_id in their database.
+  #
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :visitor_id
+    attribute :user_id
+    attribute :ip
+    attribute :user_agent
+  end
+end

data/lib/mbuzz/middleware/tracking.rb

@@ -17,14 +17,15 @@ module Mbuzz
 
         env[ENV_VISITOR_ID_KEY] = context[:visitor_id]
         env[ENV_USER_ID_KEY] = context[:user_id]
-        env[ENV_SESSION_ID_KEY] = context[:session_id]
 
-        RequestContext.with_context(request: request) do
-          create_session_if_new(context, request)
+        store_in_current_attributes(context, request)
 
+        RequestContext.with_context(request: request) do
           status, headers, body = @app.call(env)
-          set_cookies(headers, context, request)
+          set_visitor_cookie(headers, context, request)
           [status, headers, body]
+        ensure
+          reset_current_attributes
         end
       end
 
@@ -51,9 +52,7 @@ module Mbuzz
       def build_request_context(request)
         {
           visitor_id: resolve_visitor_id(request),
-          session_id: resolve_session_id(request),
-          user_id: user_id_from_session(request),
-          new_session: new_session?(request)
+          user_id: user_id_from_session(request)
         }.freeze
       end
 
@@ -61,91 +60,15 @@ module Mbuzz
         visitor_id_from_cookie(request) || Visitor::Identifier.generate
       end
 
-      def resolve_session_id(request)
-        session_id_from_cookie(request) || generate_session_id(request)
-      end
-
       def visitor_id_from_cookie(request)
         request.cookies[VISITOR_COOKIE_NAME]
       end
 
-      def session_id_from_cookie(request)
-        request.cookies[SESSION_COOKIE_NAME]
-      end
-
       def user_id_from_session(request)
         request.session[SESSION_USER_ID_KEY] if request.session
       end
 
-      def new_session?(request)
-        session_id_from_cookie(request).nil?
-      end
-
-      def generate_session_id(request)
-        existing_visitor_id = visitor_id_from_cookie(request)
-
-        if existing_visitor_id
-          Session::IdGenerator.generate_deterministic(visitor_id: existing_visitor_id)
-        else
-          Session::IdGenerator.generate_from_fingerprint(
-            client_ip: client_ip(request),
-            user_agent: user_agent(request)
-          )
-        end
-      end
-
-      def client_ip(request)
-        request.env["HTTP_X_FORWARDED_FOR"]&.split(",")&.first&.strip ||
-          request.env["HTTP_X_REAL_IP"] ||
-          request.ip ||
-          "unknown"
-      end
-
-      def user_agent(request)
-        request.user_agent || "unknown"
-      end
-
-      # Session creation
-
-      def create_session_if_new(context, request)
-        return unless context[:new_session]
-
-        create_session_async(context, request)
-      end
-
-      def create_session_async(context, request)
-        # Capture values in local variables for thread safety
-        visitor_id = context[:visitor_id]
-        session_id = context[:session_id]
-        url = request.url
-        referrer = request.referer
-
-        Thread.new do
-          create_session(visitor_id, session_id, url, referrer)
-        end
-      end
-
-      def create_session(visitor_id, session_id, url, referrer)
-        Client.session(
-          visitor_id: visitor_id,
-          session_id: session_id,
-          url: url,
-          referrer: referrer
-        )
-      rescue => e
-        log_session_error(e)
-      end
-
-      def log_session_error(error)
-        Mbuzz.config.logger&.error("Session creation failed: #{error.message}")
-      end
-
-      # Cookie setting
-
-      def set_cookies(headers, context, request)
-        set_visitor_cookie(headers, context, request)
-        set_session_cookie(headers, context, request)
-      end
+      # Cookie setting - only visitor cookie (sessions are server-side)
 
       def set_visitor_cookie(headers, context, request)
         Rack::Utils.set_cookie_header!(
@@ -155,14 +78,6 @@ module Mbuzz
         )
       end
 
-      def set_session_cookie(headers, context, request)
-        Rack::Utils.set_cookie_header!(
-          headers,
-          SESSION_COOKIE_NAME,
-          session_cookie_options(context, request)
-        )
-      end
-
       def visitor_cookie_options(context, request)
         base_cookie_options(request).merge(
           value: context[:visitor_id],
@@ -170,13 +85,6 @@ module Mbuzz
         )
       end
 
-      def session_cookie_options(context, request)
-        base_cookie_options(request).merge(
-          value: context[:session_id],
-          max_age: SESSION_COOKIE_MAX_AGE
-        )
-      end
-
       def base_cookie_options(request)
         options = {
           path: VISITOR_COOKIE_PATH,
@@ -186,6 +94,29 @@ module Mbuzz
         options[:secure] = true if request.ssl?
         options
       end
+
+      # Store context in CurrentAttributes for background job propagation
+      def store_in_current_attributes(context, request)
+        return unless defined?(Mbuzz::Current)
+
+        Mbuzz::Current.visitor_id = context[:visitor_id]
+        Mbuzz::Current.user_id = context[:user_id]
+        Mbuzz::Current.ip = extract_ip(request)
+        Mbuzz::Current.user_agent = request.user_agent
+      end
+
+      def reset_current_attributes
+        return unless defined?(Mbuzz::Current)
+
+        Mbuzz::Current.reset
+      end
+
+      def extract_ip(request)
+        forwarded = request.env["HTTP_X_FORWARDED_FOR"]
+        return forwarded.split(",").first.strip if forwarded
+
+        request.ip
+      end
     end
   end
 end

data/lib/mbuzz/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mbuzz
-  VERSION = "0.6.8"
+  VERSION = "0.7.1"
 end

data/lib/mbuzz.rb

@@ -3,13 +3,15 @@
 require_relative "mbuzz/version"
 require_relative "mbuzz/configuration"
 require_relative "mbuzz/visitor/identifier"
-require_relative "mbuzz/session/id_generator"
 require_relative "mbuzz/request_context"
 require_relative "mbuzz/api"
 require_relative "mbuzz/client"
 require_relative "mbuzz/middleware/tracking"
 require_relative "mbuzz/controller_helpers"
 
+# CurrentAttributes for automatic background job context propagation (Rails only)
+require_relative "mbuzz/current" if defined?(ActiveSupport::CurrentAttributes)
+
 require_relative "mbuzz/railtie" if defined?(Rails::Railtie)
 
 module Mbuzz
@@ -18,20 +20,15 @@ module Mbuzz
   EVENTS_PATH = "/events"
   IDENTIFY_PATH = "/identify"
   CONVERSIONS_PATH = "/conversions"
-  SESSIONS_PATH = "/sessions"
 
   VISITOR_COOKIE_NAME = "_mbuzz_vid"
   VISITOR_COOKIE_MAX_AGE = 60 * 60 * 24 * 365 * 2 # 2 years
   VISITOR_COOKIE_PATH = "/"
   VISITOR_COOKIE_SAME_SITE = "Lax"
 
-  SESSION_COOKIE_NAME = "_mbuzz_sid"
-  SESSION_COOKIE_MAX_AGE = 30 * 60 # 30 minutes
-
   SESSION_USER_ID_KEY = "user_id"
   ENV_USER_ID_KEY = "mbuzz.user_id"
   ENV_VISITOR_ID_KEY = "mbuzz.visitor_id"
-  ENV_SESSION_ID_KEY = "mbuzz.session_id"
 
   # ============================================================================
   # Configuration
@@ -68,22 +65,25 @@ module Mbuzz
   # Context Accessors
   # ============================================================================
 
+  # Returns visitor_id from Current (background jobs) or request context
   def self.visitor_id
-    RequestContext.current&.request&.env&.dig(ENV_VISITOR_ID_KEY) || fallback_visitor_id
+    current_visitor_id || RequestContext.current&.request&.env&.dig(ENV_VISITOR_ID_KEY)
   end
 
-  def self.fallback_visitor_id
-    @fallback_visitor_id ||= Visitor::Identifier.generate
+  def self.user_id
+    current_user_id || RequestContext.current&.request&.env&.dig(ENV_USER_ID_KEY)
   end
-  private_class_method :fallback_visitor_id
 
-  def self.user_id
-    RequestContext.current&.request&.env&.dig(ENV_USER_ID_KEY)
+  # Check Current attributes (for background job support)
+  def self.current_visitor_id
+    defined?(Current) ? Current.visitor_id : nil
   end
+  private_class_method :current_visitor_id
 
-  def self.session_id
-    RequestContext.current&.request&.env&.dig(ENV_SESSION_ID_KEY)
+  def self.current_user_id
+    defined?(Current) ? Current.user_id : nil
   end
+  private_class_method :current_user_id
 
   # ============================================================================
   # 4-Call Model API
@@ -92,21 +92,35 @@ module Mbuzz
   # Track an event (journey step)
   #
   # @param event_type [String] The name of the event
+  # @param visitor_id [String, nil] Explicit visitor ID (required for background jobs)
   # @param properties [Hash] Custom event properties (url, referrer auto-added)
+  # @param identifier [Hash, nil] Optional identifier for cross-device identity resolution
   # @return [Hash, false] Result hash on success, false on failure
   #
-  # @example
+  # @example Normal usage (within request context)
   #   Mbuzz.event("add_to_cart", product_id: "SKU-123", price: 49.99)
   #
-  def self.event(event_type, **properties)
+  # @example Background job (must pass explicit visitor_id)
+  #   Mbuzz.event("order_processed", visitor_id: order.mbuzz_visitor_id, order_id: order.id)
+  #
+  # @example With identifier for cross-device tracking
+  #   Mbuzz.event("page_view", identifier: { email: "user@example.com" })
+  #
+  def self.event(event_type, visitor_id: nil, identifier: nil, **properties)
+    resolved_visitor_id = visitor_id || self.visitor_id
+    resolved_user_id = user_id
+
+    # Must have at least one identifier
+    return false unless resolved_visitor_id || resolved_user_id
+
     Client.track(
-      visitor_id: visitor_id,
-      session_id: session_id,
-      user_id: user_id,
+      visitor_id: resolved_visitor_id,
+      user_id: resolved_user_id,
       event_type: event_type,
       properties: enriched_properties(properties),
       ip: current_ip,
-      user_agent: current_user_agent
+      user_agent: current_user_agent,
+      identifier: identifier
     )
   end
 
@@ -119,31 +133,47 @@ module Mbuzz
   # Track a conversion (revenue-generating outcome)
   #
   # @param conversion_type [String] The type of conversion
+  # @param visitor_id [String, nil] Explicit visitor ID (required for background jobs)
   # @param revenue [Numeric, nil] Revenue amount
   # @param user_id [String, nil] User ID for acquisition-linked conversions
   # @param is_acquisition [Boolean] Mark this as the acquisition conversion for this user
   # @param inherit_acquisition [Boolean] Inherit attribution from user's acquisition conversion
+  # @param identifier [Hash, nil] Optional identifier for cross-device identity resolution
   # @param properties [Hash] Custom properties
   # @return [Hash, false] Result hash on success, false on failure
   #
-  # @example Basic conversion
+  # @example Basic conversion (within request context)
   #   Mbuzz.conversion("purchase", revenue: 99.99, order_id: "ORD-123")
   #
+  # @example Background job (must pass explicit visitor_id)
+  #   Mbuzz.conversion("purchase", visitor_id: order.mbuzz_visitor_id, revenue: 99.99)
+  #
   # @example Acquisition conversion (marks signup as THE acquisition moment)
   #   Mbuzz.conversion("signup", user_id: "user_123", is_acquisition: true)
   #
   # @example Recurring revenue (inherits attribution from acquisition)
   #   Mbuzz.conversion("payment", user_id: "user_123", revenue: 49.00, inherit_acquisition: true)
   #
-  def self.conversion(conversion_type, revenue: nil, user_id: nil, is_acquisition: false, inherit_acquisition: false, **properties)
+  # @example With identifier for cross-device tracking
+  #   Mbuzz.conversion("purchase", identifier: { email: "user@example.com" })
+  #
+  def self.conversion(conversion_type, visitor_id: nil, revenue: nil, user_id: nil, is_acquisition: false, inherit_acquisition: false, identifier: nil, **properties)
+    resolved_visitor_id = visitor_id || self.visitor_id
+
+    # Must have at least one identifier (visitor_id or user_id)
+    return false unless resolved_visitor_id || user_id
+
     Client.conversion(
-      visitor_id: visitor_id,
+      visitor_id: resolved_visitor_id,
       user_id: user_id,
       conversion_type: conversion_type,
       revenue: revenue,
       is_acquisition: is_acquisition,
       inherit_acquisition: inherit_acquisition,
-      properties: enriched_properties(properties)
+      properties: enriched_properties(properties),
+      ip: current_ip,
+      user_agent: current_user_agent,
+      identifier: identifier
     )
   end
 
@@ -180,12 +210,26 @@ module Mbuzz
   private_class_method :enriched_properties
 
   def self.current_ip
-    RequestContext.current&.ip
+    current_attributes_ip || RequestContext.current&.ip
   end
   private_class_method :current_ip
 
   def self.current_user_agent
-    RequestContext.current&.user_agent
+    current_attributes_user_agent || RequestContext.current&.user_agent
   end
   private_class_method :current_user_agent
+
+  def self.current_attributes_ip
+    return nil unless defined?(Current)
+
+    Current.ip
+  end
+  private_class_method :current_attributes_ip
+
+  def self.current_attributes_user_agent
+    return nil unless defined?(Current)
+
+    Current.user_agent
+  end
+  private_class_method :current_attributes_user_agent
 end

data/lib/specs/v0.7.0_deterministic_sessions.md

@@ -1,6 +1,13 @@
 # mbuzz SDK v0.7.0 - Deterministic Session IDs
 
-**Status**: Proposed
+> **⚠️ SUPERSEDED**: This spec has been replaced by server-side session resolution.
+> See: `multibuzz/lib/specs/1_visitor_session_tracking_spec.md`
+>
+> **What changed**: Instead of SDKs generating deterministic session IDs using time-buckets,
+> the server now handles all session resolution using IP + User-Agent fingerprinting with
+> a true 30-minute sliding window. SDKs no longer manage session cookies.
+
+**Status**: SUPERSEDED (2026-01-09)
 **Last Updated**: 2025-12-29
 **Breaking Change**: No (backward compatible)
 **Affects**: All SDKs (Ruby, Python, PHP, Node)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mbuzz
 version: !ruby/object:Gem::Version
-  version: 0.6.8
+  version: 0.7.1
 platform: ruby
 authors:
 - mbuzz team
@@ -44,14 +44,13 @@ files:
 - lib/mbuzz/client.rb
 - lib/mbuzz/client/conversion_request.rb
 - lib/mbuzz/client/identify_request.rb
-- lib/mbuzz/client/session_request.rb
 - lib/mbuzz/client/track_request.rb
 - lib/mbuzz/configuration.rb
 - lib/mbuzz/controller_helpers.rb
+- lib/mbuzz/current.rb
 - lib/mbuzz/middleware/tracking.rb
 - lib/mbuzz/railtie.rb
 - lib/mbuzz/request_context.rb
-- lib/mbuzz/session/id_generator.rb
 - lib/mbuzz/version.rb
 - lib/mbuzz/visitor/identifier.rb
 - lib/specs/old/SPECIFICATION.md

data/lib/mbuzz/client/session_request.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-module Mbuzz
-  class Client
-    class SessionRequest
-      def initialize(visitor_id, session_id, url, referrer, started_at)
-        @visitor_id = visitor_id
-        @session_id = session_id
-        @url = url
-        @referrer = referrer
-        @started_at = started_at || Time.now.utc.iso8601
-      end
-
-      def call
-        return false unless valid?
-
-        Api.post(SESSIONS_PATH, payload)
-      end
-
-      private
-
-      attr_reader :visitor_id, :session_id, :url, :referrer, :started_at
-
-      def valid?
-        present?(visitor_id) && present?(session_id) && present?(url)
-      end
-
-      def payload
-        {
-          session: {
-            visitor_id: visitor_id,
-            session_id: session_id,
-            url: url,
-            referrer: referrer,
-            started_at: started_at
-          }.compact
-        }
-      end
-
-      def present?(value) = value && !value.to_s.strip.empty?
-    end
-  end
-end

data/lib/mbuzz/session/id_generator.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require "digest"
-require "securerandom"
-
-module Mbuzz
-  module Session
-    class IdGenerator
-      SESSION_TIMEOUT_SECONDS = 1800
-      SESSION_ID_LENGTH = 64
-      FINGERPRINT_LENGTH = 32
-
-      class << self
-        def generate_deterministic(visitor_id:, timestamp: Time.now.to_i)
-          time_bucket = timestamp / SESSION_TIMEOUT_SECONDS
-          raw = "#{visitor_id}_#{time_bucket}"
-          Digest::SHA256.hexdigest(raw)[0, SESSION_ID_LENGTH]
-        end
-
-        def generate_from_fingerprint(client_ip:, user_agent:, timestamp: Time.now.to_i)
-          fingerprint = Digest::SHA256.hexdigest("#{client_ip}|#{user_agent}")[0, FINGERPRINT_LENGTH]
-          time_bucket = timestamp / SESSION_TIMEOUT_SECONDS
-          raw = "#{fingerprint}_#{time_bucket}"
-          Digest::SHA256.hexdigest(raw)[0, SESSION_ID_LENGTH]
-        end
-
-        def generate_random
-          SecureRandom.hex(32)
-        end
-      end
-    end
-  end
-end