When setting Tracker to true on the configuration toml file, the tracker assigns different tracking ID for each request within the same session which distributes the session cookies between multiple keys (some times hundreds).

Could you provide more details to reproduce this bug?

Same here. Don't know if actually for each request but after cleaned up all the db and starting a new session. I got in the tracker around 10 sessions

@soermejo and @X0rh0. I think your issue may stem from editing your config.toml file and doing a replace of your phishing site with the target site.

I.e if you have something like this in your config

#Generic replacement rules:
#it applies to body and any http header enabled for manipulation
content = [
          ["phishing.site","target.site"]
        ]

What will happen is the cookie issued to track a session will instead be issued for the target site. When this happens each request will not see the cookie and instead will issue a new ID.

The simple fix is just to leave these blank, muraena already does the replacement for you