What is used to track a user session?

[pixelpaulaus]

So i have Umami running in the user browser, with the tracking script.
But I am also sending event data for the user session on the server, in PHP.
I am sending the following information on the API POST header:

"Content-Type: application/json; charset=utf-8", "Accept-Language: $language_here", "User-Agent: $user_agent_here", "Referer: $referer_here"

And the following data on the event:

'payload' => [ 'website' => $website_here, 'hostname' => $host_here, 'url' => $requestUrl_here, 'name' => 'purchase', 'title' => 'Checkout success', 'data' => [ 'amount' => $vars['TotalDue'] ], 'language' => $language_here, 'referrer' => $referrer_here ], 'type' => 'event'

BUT, it does not link that event to the correct user session. And all of these events end up coming up under the same user session as if the same person. Even tho all those values are unique to the user.
Am I missing something that umami also uses to track the session and link events to the session?
I am thinking maybe the IP address on the request to the API? As that is one thing that would always be the same being my server IP.

[jasalt]

@pixelpaulaus also interested in sending data programmatically and keeping sessions intact (from php service or access logs). I don't see that the user's IP is reaching the backend with this API call as with the script tag sending the request straight from user's browser.

Wondering if Umami API supports passing IP and additionally event timestamp which would be useful if adding historical data, but I don't see those in docs.

Some reading:

• https://umami.is/docs/metric-definitions
• how are sessions tracked? do they expire? #1681 (comment)

[jasalt]

Developer mentioned here #2653 (comment) that "session data will be tricky because your session id is calculated on the fly at time of creation", and there is discussion on doing import on database level plus example script.