We are using cURL to retreive a Marketo landing page and modifying the returned html before displaying it for the user to complete and submit. We are doing this for two reasons, one is to modify the url of the thank you page, the other is to perform export control checking before redirecting to a thank you page url that contains downloadable software,
As part of the cURL request we include the value of the _mkto_trk cookie from the user's original request. So the _mkto_trk cookie that goes with the cURL requst is the one that came from the user's browser. We have recieved several complaints recently that the forms are prefilling with the wrong user's information. The user's are reaching our landing page from a link in a Facebook ad.
Is there something we are missing in the process that is causing the form to prefill with the wrong information?
The _mkto_trk cookie value is being sent as a cookie value. We do our backend coding in PHP. The PHP cURL has a curl_setopt function that allows cookie values to be sent with the request. We are passing some query parameters to the form in the url, but none that contain identity information.