• Unlike it was assumed, GeoIp calls emitted by the filter aren't expensive (do not make extra http calls rather relying on the local db).
• With that it would be advisable to reconfigure the filter to use the request-scoped storage instead of the session-scoped one.
  • this way we wouldn't be creating the new sessions for anonymous users, preventing potential DoS attacks.
  • also we'd avoid potential inquiries from the privacy-matters concerned clients, who might be confused by the fact that session cookies being created where they are not expected.

Workaround:

Set https://demo.magnolia-cms.com/.magnolia/admincentral#app:configuration:browser;/modules/personalization-traits/traits/country@traitStorageClass:treeview: to info.magnolia.personalization.trait.storage.StorageAwareTraitCollector$RequestScopedTraitStorage