-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement first party cookie in Piwik #409
Comments
+1 for this Any news? We have piwik deployed to track widgets views (LOTS of hits from differents domains) and we are forced to increase header size in apache... |
same issue here. I already had to increase allowed header size in nginx 2 times with just a couple thousand sites. |
This is planned to be fixed before Piwik 1.0, which means in the next 2 months. If you can help with implementation or testing, please let us know. This is def a high priority issue. |
I would love to help with testing |
We should do the quick fix solution for 1.0, ensuring we store the last websites data, up to a reasonnable limit (1kb?). If a cookie does on average 200b we could still store 5 sites without failing as it is now. We could then do the scalable long term solution post 1.0. |
The goal would be to slightly update the Cookie mechanism in Tracker to have it store a total max of 1kb, discarding older tracking cookies. |
I will implement the quick fix.. |
(In [2777]) Refs #409
|
Any news on when Piwik is going to support 1st party cookies? 3rd party cookies are a less well-accepted. Not only by browsers, but also by people. thanks! |
When implemented, we should also have the PiwikTracker api class set the 1st party cookie forwarded from the piwik server response. |
In [3544], I added core/Tracker/Cookie.php to encapsulate the ignore_cookie. But it too suffers from the third-party cookie issue. |
Replying to matt:
The first-party "cookie" will actually be a UUID (not necessarily rfc4122 compliant) generated by piwik.js and passed to piwik.php via a new parameter. Any allowed third-party cookies will continue to be signed and sent via the Cookie: header. The tracker session table will map first and third party visitor id_cookies (plus idsite to act as indices) to rows that contain the former cookie store. |
Use cases for this feature:
Requirements piwik.js
Requirements piwik.php
Documentation:
Ideas for V2
|
Also I think the piwik_ignore cookie should stay 3rd party (and signed), to avoid abuse. |
(In [3634]) Fixes #1916 |
Also we need to think about subdomains tracking and first party cookies. How does GA handle this for example? see for reference: http://www.roirevolution.com/blog/2011/01/google_analytics_subdomain_tracking.php and http://www.dannytalk.com/how-to-track-sub-domains-cross-domains-in-google-analytics/ |
|
matt: do you still want this one? It doesn't appear in the request. To manage this on the client, requires also keeping track of the timestamp for the most recent page view of the current visit.
|
Because of this condition:
_pk_ref will never contain a referer for the current domain or subdomain; so, this expression will never be true:
|
re: comment:38 - oops, I didn't scroll all the way to the right to read your comment; got it The timestamp in comment:37 is still an open question. Also, you mention that _pk_ref "Contains time at which ref URL was set", but this timestamp doesn't appear in the request either. (If I store this in the cookie, I need to change the delimeter, as the referrer may contain '.') |
OK that's right, this timestamp can also be saved in the cookie (ie. _pk_ses cookie?)
what do you mean by "it doesnt appear in the request"? I mean, the _pk_ref must contain the URL as well as the client timestamp when the cookie was last updated with a ref URL. Thx |
I mean your specification doesn't show any parameters in the request to piwik.php for these timestamps.
If I understand _pk_ses correctly, the timestamp of the most recent page view (cvts) would have to instead be stored in _pk_id. |
Indeed, I now updated the request to add these 2 timestamp Also I'm not sure what I meant by: &_ses=1 in the URL... ? maybe this is not useful. |
Maybe if _ses=0, the server should use third-party cookies? |
(In [3783]) refs #409 - first party cookies
refs #739 - piwik.js improvements
refs #752 - track middle mouse button clicks (via mousedown+mouseup pseudo-click handler); defaults to tracking true "clicks"
refs #1984 - custom variables vs custom data @todo These are just stubs.
|
(In [3784]) refs #409 - use getCookieName() in hasCookies() test |
Mark as fixed. Future commits to #1984. |
I still have to do some work :)
Also,
|
ok. on my todo list. |
the revision [3960] is leading to a lot of breaking on our sites. We track multiple siteIds using the same domain name. On each request we call trackPageView twice once for each siteid. The new mechanism of adding the site id to the cookie name is causing the headers to overflow the server buffers. Leading to numerous errors on our server. The goal that was to be achieved by this change i believe was to be able to track different site Ids for the sub domains. But if that is a requirement of the application then the application should do so by calling trackPageView twice or three times. The current implementation would lead to an endless increase in the number of cookies as the user moves from one site to the next. which is what is happening on our side. |
Sam: it depends how you use piwik.js. (fyi the reason for the hash is mentioned in comment:44) Are you using two sites ids across the entire site? Or many more? eg one site-wide, and another that varies/depends on some area of the website? In this scenario, you should use setCookiePath() Can you see if the TrackSiteByUrl plugin can be adapted for your environment? |
I looked at comment:44 the only thing I can see regarding the relevance would be the social network example. Unfortunately I couldn't find the description of this use case. In our setup, we are using the same URL for all the various sites so cookie paths are not going to work. Regarding the site ids we have one siteId that is site wide and another one based on the client. We have thousands of clients that we track. we developed our own plugin that creates the site during our own account creation process, retrieves the site id and embed that into the db for tracking. One thing to note here is if you think about it abstractly, you have one user one browser. Can that user really have multiple identities, referral URLs ..etc based on the siteId????!!! I think this fix is trying to do something Piwik shouldn't be responsible for. This is on a side note, but referral URLs can be monstrous in size. adding them to cookies can be a real pain on the server. if you already have them in the db based on the visitor id/siteId should they really be in the cookie as well? |
The hash addresses the subdomain cookie leak problem in Firefox. Each tracker instance can point to a different Piwik server. If you're using cookie domains and/or paths, then it is possible for the cookie contents to be different. |
But if that is case then you can create the hash based on the piwik domain url instead of based on the siteId. I still don't understand how adding the site Ids will fix the FF issue. Wouldn't the cookies still leak to the subdomains? Regarding different siteIds values for subdomains. I might be wrong here but if there are two cookies with the same name if the subdomain is set for one of them and you visited the subdomain, wouldn't that return the one that has the subdomain set? |
the hash is only on cookie domain and path in any case, I think you're focussing too much on the hash the bigger picture is that your visitors are amassing many, large cookies. What you expect/want is one client side cookie with server-side storage for the bulk of the cookie contents, that can somehow be mapped to one or more tracking site IDs. This wasn't part of the scope of this ticket, so it isn't something Piwik does right now. I'll create a new ticket for this feature request and we'll figure it out from there. |
See the new ticket at #2680 |
See also #2211 piwik.js: Cross domain tracking |
Currently Piwik is using several third party cookies. we want Piwik to create, by default, 1st party cookies only. This is mainly for privacy reasons, but also for better accuracy in counting unique visitors (1st party cookies are more often accepted and less often deleted by users)
This ticket is a requirement for #134 and #1984
Keywords: scalability, cookie, 1st party cookie
The text was updated successfully, but these errors were encountered: