visit_duration is only used when using cookies - endless visits when using anonymity sets

[zealot128]

By grepping over the code base, It seems visit_duration is only applied when tracking via cookies.

When using Cookie-less tracking, all identical anonymity sets are munched together to one visit, even days apart.

We just had the experience of a conflicting user, which used the same browser, and the same masked-ip, but are days apart and where different people.

I propose, to:

• mention that info in the README under visit_duration that it only applies to cookies
• quickfix for us ATM: add the current date into the anonymity set - at least this helps a bit and don't group visits days apart.
• or in DatabaseStore: somehow, make a new visit, when the duration of the current visit is over (last event < duration.ago age), but the visit_token is unique by default, and the visit_token is generated by the anonymity set mhmmmm..

This problems grows especially, as more browser want to reduce the information supplied in the user-agent so a collision will occur more frequently. Even so, the same user should also create a new session after some amount of time.

[zealot128]

Just saw a very similiar issue, but didn't found the title first.

#469

The problem is much more robust when using cookies, there is no time element at all, then. Not only when users with new landing pages etc, but even the same user after a couple of days.
We have spreads of 160+ days in one visit between started_at and max(time)...