Skip to main content

How the tracker stores state

Unless you have enabled respectDoNotTrack in the configuration argmap, the tracker will persist information on the client. The location depends on the stateStorageStrategy field in the argmap. By default, information will be stored in cookie. Alternatively, you can specify localStorage to have the state stored in local storage. Finally, you can set stateStorageStrategy to none in order not to store anything client side. You may also leverage anonymousTracking to control when values are stored in cookies or local storage.

The stored state takes the form of two first party cookies: the session cookie and the ID cookie. By default their names are prefixed with “sp“, but you can change this using the “cookieName” field in the argmap. Their names are suffixed with a hash of the current domain, so the full cookie names might look something like _sp_ses.4209 and _sp_id.4209.

Called _sp_ses.{{DOMAIN HASH}} by default, the only purpose of this cookie is to differentiate between different visits. Whenever an event is fired, the session cookie is set to expire in 30 minutes. (This value can be altered using setSessionCookieTimeout)

If no session cookie is already present when an event fires, the tracker treats this as an indication that long enough has passed since the user last visited that this session should be treated as a new session rather than a continuation of the previous session. The visitCount (how many times the user has visited) is increased by one and the lastVisitTs (the timestamp for the last session) is updated.

Note: A new session can be started at any time by calling the function newSession.

This cookie is called _sp_id.{{DOMAIN HASH}} by default. It is used to persist information about a user’s activity on the domain between sessions. It contains the following information:

  • An ID for the user based on a v4 (random) UUID. Generated by the uuid library.
  • How many times the user has visited the domain
  • The timestamp of the user’s first visit
  • The timestamp of the current visit
  • The timestamp of the last visit
  • The ID of the current session
  • ID of the previous session (since version 3.5)
  • ID of the first event in the current session (since version 3.5)
  • Device created timestamp of the first event in the current session (since version 3.5)
  • Index of the last event in the session (used to inspect order of events) (since version 3.5)

It expires after 2 years.

There is a third sort of Snowplow-related cookie: the cookie set by the Collector, independently of the JavaScript Tracker. The Collector cookie is called “sp”. It is either a first or third-party cookie, depending on the collector URL, used to track users over multiple domains. It expires after one year.

Was this page helpful?