How the tracker stores state
Unless you have enabled respectDoNotTrack
in the configuration argmap, the tracker will persist information on the client. The location depends on the stateStorageStrategy
field in the argmap. By default, information will be stored in cookie. Alternatively, you can specify localStorage
to have the state stored in local storage. Finally, you can set stateStorageStrategy
to none
in order not to store anything client side. You may also leverage anonymousTracking
to control when values are stored in cookies or local storage.
The stored state takes the form of two first party cookies: the session cookie and the ID cookie. By default their names are prefixed with “sp“, but you can change this using the “cookieName” field in the argmap. Their names are suffixed with a hash of the current domain, so the full cookie names might look something like _sp_ses.4209 and _sp_id.4209.
The session cookie
Called _sp_ses.{{DOMAIN HASH}} by default, the only purpose of this cookie is to differentiate between different visits. Whenever an event is fired, the session cookie is set to expire in 30 minutes. (This value can be altered using setSessionCookieTimeout
)
If no session cookie is already present when an event fires, the tracker treats this as an indication that long enough has passed since the user last visited that this session should be treated as a new session rather than a continuation of the previous session. The visitCount
(how many times the user has visited) is increased by one and the lastVisitTs
(the timestamp for the last session) is updated.
Note: A new session can be started at any time by calling the function newSession
.
The ID cookie
This cookie is called _sp_id.{{DOMAIN HASH}} by default. It is used to persist information about a user’s activity on the domain between sessions. It contains the following information:
- An ID for the user based on a v4 (random) UUID. Generated by the uuid library.
- How many times the user has visited the domain
- The timestamp of the user’s first visit
- The timestamp of the current visit
- The timestamp of the last visit
- The ID of the current session
- ID of the previous session (since version 3.5)
- ID of the first event in the current session (since version 3.5)
- Device created timestamp of the first event in the current session (since version 3.5)
- Index of the last event in the session (used to inspect order of events) (since version 3.5)
It expires after 2 years.
The Collector cookie
There is a third sort of Snowplow-related cookie: the cookie set by the Collector, independently of the JavaScript Tracker. The Collector cookie is called “sp”. It is either a first or third-party cookie, depending on the collector URL, used to track users over multiple domains. It expires after one year.