When a user triggers any sort of AJAX related content, that AJAX url is being stored to the user's session_page field in the sessions table.

That means a user who is viewing a forum, but clicked on an AJAX action, for example Delete all board cookies, then the delete all board cookies link gets stored to their session_page, and in view online the user will be reported as viewing the UCP, even though they are actually still on a forum page.

This gets worse for extensions, which will use AJAX increasingly.

The session_page data should only store actual pages being viewed, not AJAX requests.