Track interactions across Sitefinity CMS sites


This article explains how to implement cross-domain mapping across your Sitefinity CMS sites. The goal is to ensure that one and the same physical visitor who browses more than one of your web sites, hosted under different domains, is recognized as one and the same Sitefinity Insight visitor and not as different Sitefinity Insight visitors for each domain. To achieve this, for each visitor a new cross-domain identity is introduced and it is stored in a cookie named sf-data-intell-crosssite-subject. This cookie is issued and managed by a domain called a mapping domain. The website domains that generate the actual traffic are called tracked domains.

When a new visitor lands on any of the tracked domains, a domain-specific identity is issued and is stored in a cookie named sf-data-intell-subject. Once this happens, the tracked domain issues an HTTP call to the mapping domain. The call includes the value of sf-data-intell-subject as query parameter and the value of sf-data-intell-crosssite-subject as cookie header, attached by the browser. To ensure that the browser attached the sf-data-intell-crosssite-subject, this cookie must be configured as SameSite=None and the Secure flag must be set to True. If the sf-data-intell-crosssite-subject cookie has not been issued previously, the mapping domain will create a unique identifier and issue the sf-data-intell-crosssite-subject to be equal to this unique value.

Once the mapping domain has both the cross-domain identity and the domain-specific identity of a visitor, it creates mapping between those two identities to the Sitefinity Insight API Server. From this point on, Sitefinity Insight considers two identities to identify a single visitor. This is done for all tracked domains and, therefore, a visitor, browsing all domains, is recognized as a single Sitefinity Insight visitor.

To implement cross-site interactions tracking, perform the following:

  • You need to enable CORS on your mapping endpoint.
  • If you are using the Web Security module, you need to configure it to allow calls to be made to your mapping domain.

Perform the following:

  1. Enable and configure the Sitefinity Insight connector for Sitefinity CMS. 
    All domains must be configured to send data to a single Sitefinity Insight data center. 
    For more information, see Connect to Sitefinity Insight.
  2. Create a JavaScript client that runs on all pages of the tracked domains. 
    This code makes an HTTP call each time a new visitor lands on a tracked domain. The code also reads the value of the sf-data-intell-subject and passes it to the mapping domain. Because the mapping domain issues the sf-data-intell-crosssite-subject cookie (SameSite=None, Secure), this cookie is also attached to the HTTP call by the browser. To create your own JavaScript client, see the code sample in Client-side: Tracked domains.
  3. Create an endpoint on the mapping domain. 
    This endpoint is called by each tracked domain. Thе endpoint is responsible for managing the sf-data-intell-crosssite-subject cookie. Thе endpoint is also responsible for emitting mapping between the identity of the visitor on the tracked domain and the global identify cookie. To create the endpoint as a part of a Web API controller, see the code sample in Server-side: Mapping domain.

Client-side: Tracked domains

Each tracked domain must contain a JavaScript function that performs the following actions:

  • Sends an HTTP request to the mapping domain endpoint, if the subject of the currently browsing visitor is not mapped to the cross-domain subject. The HTTP calls enclose the current subject as a query parameter.
  • Process the response to check if the current subject was successfully mapped to the cross-site subject. 
    If this is the case, the mapping operation does not need to repeat again. To ensure that, a cookie marker is set.

Following is a sample code you can use for client-side implementation of cross-domain tracking:

NOTE: You need to include this script on all pages. For testing purposes, you could include the script on a single page using a JavaScript widget. 

Server-side: Mapping domain

The mapping domain must expose an HTTP endpoint that receives the tracked-domain identity of a visitor and maps it to the cross-site identity of the same visitor. In the example code below, the endpoint is part of a dedicated Web API controller and performs the following actions:

  • Ensures that the endpoint is invoked under HTTPS.
    The sf-data-intell-cross-site-subject is a secure cookie and invocations under HTTP return incorrect results.
  • Checks if the sf-data-intell-crosssite-subject cookie exists. 
    If not, it populates it with a unique value. The configuration of the cookie should be SameSite=None, Secure.
  • Invokes an HTTP call to the Sitefinity Insight API to ensures that the domain-specific identity of the visitor (passed by the tracked domain as a query param) and the cross-site identity of the visitor are mapped.
  • Builds the proper response and returns it to the tracked domain.
Following is a sample code that you can use for server-side implementation of cross-domain tracking. You need to register you controller in the Global.asax.

Was this article helpful?