When Campaign logs a ServerSideAccountCreation event, it still logs the 'mediaWiki.user.id' cookie as the token field.
As https://meta.wikimedia.org/wiki/Schema_talk:ServerSideAccountCreation#event_token_changes says, client-side code no longer sets this long-lived cookie since T46327: mediawiki.user: Anonymous users should not be identifiable cross sessions was fixed in May 2013. Instead if mw.user.id() is called it sets a 'mediaWiki.user.sessionId' cookie.
Depending on need and privacy policy, Campaign could be changed to not log token, or to log the new 'mediaWiki.user.sessionId' cookie. FYI account creation does not currently set either cookie; the current callers of mw.user.id() are AFT, AFTv5, and UniversalLanguageSelector.
Many events still have a non-blank token (30% of all enwiki and dewiki account creations). Apparently people are creating accounts in browsers that set this cookie months ago.
Version: master
Severity: minor