digital-identity-platform-docs
digital-identity-platform-docs / supabase/functions/mark-session-detection
supabase/functions/mark-session-detection
Fileoverview
Mark Session Detection Edge Function
Updates loader sessions with adblock and ITP detection flags. Called by the sgtm-router worker when tracking prevention is detected.
Cloudflare Architecture Context
| Attribute | Value |
|---|---|
| Classification | 🟢 ACTIVE |
| Position | After Cloudflare (receives detection events from CF Router Worker) |
| Receives Public Traffic | No (CF Router Worker only) |
| Latency Sensitive | No (async fire-and-forget from Worker) |
| Safe to Retry | Yes (idempotent flag updates) |
| Failure Behavior | Fail-open (Worker continues regardless of response) |
⚠️ IMPORTANT: This is the ONLY edge function called per-request from Cloudflare. All other CF interactions use KV cache with sync-edge-config for updates.
Request Headers (from CF Router Worker):
- X-SGTM-Container-Id: UUID of the container (required)
- X-Public-Host: Public hostname (optional, for logging)
Endpoint
POST /mark-session-detection
Auth
None - Uses loader_token validation via RPC
Remarks
- Receives tenant context from worker via X-SGTM-Container-Id header
- Calls
rpc_mark_session_detectionfor tenant-safe, atomic update - The RPC validates loader_token matches the container
- Updates loader_sessions only for sites belonging to the container
- Only updates fields when detection is true (doesn't clear existing flags)
Tables touched (via RPC):
- sgtm_containers (read - token validation)
- sites (read - get valid site_ids for container)
- loader_sessions (update)
Example
json
{
"loader_token": "abc12345",
"client_session_id": "uuid",
"adblock_detected": true,
"adblock_method": "bait",
"itp_detected": false,
"itp_method": null,
"sgtm_container_id": "uuid", // optional, header preferred
"public_host": "example.com" // optional, for logging
}