Manage cookies

Overview

To report tracking data for one and the same person across different sessions consistently, the JavaScript SDK uses a cookie to save the subject ID of this person. By default, the name of the cookie is sf-data-intell-subject. If there is no cookie present when initializing the client, a new cookie is automatically created and a corresponding GUID is generated for the subject ID.

Configure the cookie

The following sections demonstrate how to adjust options for the cookies, issued on your sites.

Configure cookie tracking across sub-domains

You can make the cookie visible across sub-domains, thus making the tracked visitor interactions across all of the sub-domains uniform.

For example, if your website www.mysite.com has several sub-domains: music.mysite.com, movies.mysite.com, and books.mysite.com. To track across all subdomains, perform the following:

Using Sitefinity CMS:

  1. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced » DigitalExperienceCloudConnector.
  2. Set the tracking domain .mysite.com  in Tracking cookie domain.

Using Sitefinity Insight JavaScript SDK:

You configure these parameters using corresponding arguments of the Insight JavaScript SDK constructor.

To set cookie expiration, set the trackingCookieDomain parameter to the domain of the JavaScript SDK cookie to .mysite.com as in the following sample:

Configure cookie expiration

By default, the tracking cookie expires in 365 days (1 year) and does not use sliding expiration. You can modify these defaults in the Sitefinity CMS backend, or, for non-Sitefinity sites, configure the Insight JavaScript SDK.

Perform the following:

Using Sitefinity CMS:

  1. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced » DigitalExperienceCloudConnector.
  2. To configure the expiration age, set Tracking cookie Max-Age.
    The value is in days.
  3. To configure whether the cookie is using sliding expiration, set Sliding expiration for tracking cookie.

Using Sitefinity Insight JavaScript SDK:

You configure these parameters using corresponding arguments of the Insight JavaScript SDK constructor.

  • To set cookie expiration, use the cookieMaxAgeInDays parameter.
  • To set sliding window, set the cookieSlidingExpiration to true.
    The default is false.

The following example demonstrates how to use these parameters:

Additional cookie configuration

For pages served over HTTP, the cookies are always created using SameSite=Lax mode.

When your sites use HTTPS, the tracking cookie is issued by default with the SameSite=None attribute set and the Secure flag set.
This means the cookie is sent in all contexts, including cross-origin requests, over a secure connection.

NOTE: This behavior is valid starting with Sitefinity CMS 15.1.8321.

RECOMMENDATION: We recommend leaving the default behavior of using secure cookies in production sites as a security best practice. This ensures that the visitor journeys are properly attributed to the same visitor in Sitefinity Insight. You should use Lax mode only in development or test environments.
As a security best practice, you should configure all your production instances to use HTTPS. If you have subdomains configured to use HTTP and you have configured tracking cookie domain to be shared between sites, user journeys could be affected when navigating from HTTPS to HTTP, as the secure cookie will not be read by the HTTP site.
While this is not a recommended configuration, you can still track your visitors across all your domains. For more information, see Track interactions across multiple domains.

You can configure the tracking cookie to be used in SameSite=Lax mode over HTTPS.

To change the tracking cookie mode, perform the following:

Using Sitefinity CMS:

  1. Log in Sitefinity CMS backend with administrator account.
  2. Navigate to Administration » Settings » Advanced » DigitalExperienceCloudConnector.
  3. Set or unset Use secure cookies.

Using Sitefinity Insight JavaScript SDK:

You configure the cookie Lax mode using an argument of the Insight JavaScript SDK constructor.

To set cookie expiration, set the useSecureCookies parameter to false, as in the following example.

Stop tracking visitors

You can use the following Sitefinity Insight API to help you build GDPR compliance for your sites. 

Delete the tracking cookie

In case visitors do not provide tracking consent, the site administrator may need to delete the cookie issued for the specific visitor. The sfDataIntell client exposes a deleteCookie method that requires a domain parameter. To do so, you need the trackingCookieDomain parameter, provided when you initialized the JavaScript SDK client.

Enable and disable tracking

When working with JavaScript SDK version 3.0 and newer, you can use the enableTracking parameter that reflects whether the data subject (website visitor) has approved or rejected the data collection consent.

The following code snippets demonstrate the two options for the enableTracking parameter:

  • Site visitor approved data collection:
  • Site visitor rejected data collection:

For more information about the parameters, described above, see Initialize the JavaScript SDK.

Was this article helpful?