Why not save all the LeadSource records (even when they are anonymous)

[boatcoder]

I'm curious why you don't persist all the LeadSource records (with NULL user FKs) so you can see what is generating buzz. Seems like you could store the LeadSource FK in the session as well and when they do login (if they ever do) you would update all the already existing LeadSource records. This would mean you could have request.lead_source available for use inside the views as well so you could tell where people came from and deliver a more customized experience.

The only stopper here would be bots could generate a ton of LeadSource records so you would need to do UserAgent detection and just not persist any LeadSource records from those bots.

[hugorodgerbrown]

Good question - and there's not really a good reason not to, it was just that this (tracking campaigns) wasn't the original use case, as we have standard campaign analytics for that. The use case was tracking the original source of people who became registered users.

On a related note - our recent experience with django-csp-plus and hosting a CSP reporting endpoint suggests that keeping out unwanted traffic is a harder problem that it first appears. Once you open up endpoints to the world you get a lot of weird stuff coming in.