Failing to understand how Domain Session and User IDs work

For engineers
1

Hi,
I am new to snowplow. I am having issues understanding session and user - ids.
When I load my app and trigger any further events then the domain session and user ids stays the same in every call.
But when I am reloading the page then a new pageView event gets trigger and new domain session and user ids get created.
My expectation is to have a session and user id which should not change on page reload but the user id should stay same for a defined period of time and session id should stay same until the session ends.

Following is the configuration for snowplow:

<script type="text/javascript">
    ;(function(p,l,o,w,i,n,g){if(!p[i]){p.GlobalSnowplowNamespace=p.GlobalSnowplowNamespace||[];
      p.GlobalSnowplowNamespace.push(i);p[i]=function(){(p[i].q=p[i].q||[]).push(arguments)
      };p[i].q=p[i].q||[];n=l.createElement(o);g=l.getElementsByTagName(o)[0];n.async=1;
      n.src=w;g.parentNode.insertBefore(n,g)}}(window,document,"script","https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.16.1/sp.js","snowplow"));

    snowplow("newTracker", "sp", "{collectorUrl}", {
      appId: "AnalyticsApp", // You will add snowplow on multiple apps so appId will help you detect what app you are tracking
      platform: "web",
      cookieDomain: null,
      discoverRootDomain: true,
      cookieName: "_sp534_",
      encodeBase64: false,
      respectDoNotTrack: false,
      userFingerprint: true,
      userFingerprintSeed: 6385926734,
      pageUnloadTimer: 0,
      forceSecureTracker: true,
      eventMethod: "post",
      bufferSize: 5,
      maxPostBytes: 45000,
      crossDomainLinker: function (linkElement) {
        return (linkElement.href === "http://acme.de" || linkElement.id === "crossDomainLink");
      },
      cookieLifetime: 86400 * 31,
      stateStorageStrategy: "cookie",
      contexts: {
        webPage: true,
        performanceTiming: true,
        gaCookies: true,
        geolocation: false
      }
    });
    snowplow('trackPageView');

  </script>

I am using 2.16.1 version of snowplow.

A little help here is really appreciated.
My end goal is to have user and session id working properly and not resetting on page reload.
Should I rely on Domain session and user ids?

2

@downtoearth, sessions are stored in the 1st party cookie and are explained in here.

The cookie could be reset if access to it is blocked by, say, ad blocker or other security measures. This would prompt the tracker to generate a new UUID.

Yet another possibility is yet another (conflicting) Snowplow tracker instance that overrides the same cookie.

3

Another option is that if you are running this locally, i.e. localhost, and on http then the cookies will not store as they default to secure. You’ll need to update cookieSecure: false and cookieSameSite: "Lax" if thats the case.

1 Like
4

@ihor Thanks for your suggestions Actually I was using snowplow locally hence the solution proposed by @PaulBoocock did work for me.
Thank you @PaulBoocock. I will use these properties while development and will not check in for prod environments.

@ihor, @PaulBoocock I have another question related to this though.
In case I want to use server generated session and user id. Can you direct me to that direction please that how that can be taken care of?

1 Like
5

We don’t currently provide server-side session ID generation - it is all done on the client side. If that’s something you need, you have 2 options:

  • Generate the session ID in your web server, pass it to the client, and attach it to events as a custom context.
  • Use the JS tracker’s callback methods to retrieve the Snowplow IDs, pass those to your server, generate a session ID in the server, send events from your server containing all of those ids (using our server-side trackers), and stitch them to your client-side events in the warehouse.

As for a server-side user ID - we do natively set the network_userid. For it to function properly as a first party cookie, the collector configuration and endpoints must be set up to do so.

You also have the option of following the same process I described above to connect your own server-side ID to your client-side events.

Hope that’s helpful.

1 Like
6

Thank you @Colm for detailed information. It is helpful.

While working with domain session and user ids, I have observed that they are related with cookieLifetime. When I set it to a very low number then I have seen that both user and session ids are getting replaced with new ids.
My expectation from session id is that it gets replaced on closing and reopening the browser only.
My expectation from user id is that it stays same until a specified time period.
It is not working like this with my current configs.

Questions:
1.So what do I need to do so that only session id changes but user id stays same on browser close and reopen?

2.Also is there a way to change current user id with any other guid generated manually. For example, there is a user id that I need to replace with another id once user will login to my app?

Config:
snowplow(“newTracker”, “sp”, “collectorUrl.com”, {
appId: “AnalyticsApp”, // You will add snowplow on multiple apps so appId will help you detect what app you are tracking
platform: “web”,
cookieDomain: null,
discoverRootDomain: true,
cookieName: “sp”,
//For prod
// cookieSameSite: “None”,
// cookieSecure: true,
// for local
cookieSameSite: “Lax”,
cookieSecure: false,
encodeBase64: false,
respectDoNotTrack: false,
pageUnloadTimer: 500,
forceSecureTracker: false,
eventMethod: “post”,
bufferSize: 1,
maxPostBytes: 40000,
crossDomainLinker: function (linkElement) {
return (linkElement.href === “http://acme.de” || linkElement.id === “crossDomainLink”);
},
cookieLifetime: 63072000,
stateStorageStrategy: “cookie”,
maxLocalStorageQueueSize: 1000,
resetActivityTrackingOnPageView: true,
connectionTimeout: 5000, // Available from 2.15.0
skippedBrowserFeatures: , // Available from 2.15.0
anonymousTracking: false, // Available from 2.15.0
// anonymousTracking: { withSessionTracking: true } // Optional
contexts: {
webPage: true,
performanceTiming: true,
// gaCookies: true,
geolocation: false,
clientHints: true, // Available from 2.15.0
// clientHints: { includeHighEntropy: true } // Optional
}
});

7

Yes, that is exactly the behaviour I would expect. The values are stored in a cookie, so if you set the lifetime of those cookies to a low number, they’ll expire.

My expectation from session id is that it gets replaced on closing and reopening the browser only.

The documentation explains the behaviour of the session ID:

Whenever an event fires, the Tracker creates a session cookie. If the cookie didn’t previously exist, the Tracker interprets this as the start of a new session.

By default the session cookie expires after 30 minutes. This means that a user leaving the site and returning in under 30 minutes does not change the session. You can override this default by setting sessionCookieTimeout to a duration (in seconds) in the argmap.

As for your questions:

My expectation from user id is that it stays same until a specified time period.
It is not working like this with my current configs.
1.So what do I need to do so that only session id changes but user id stays same on browser close and reopen?

I see you’ve set cookieDomain to null. That’s probably the cause of your issue. Browsers these days are quite strict on what cookies can be set and accessed. If your cookie domain does not match your website domain, then those cookies won’t behave themselves.

2.Also is there a way to change current user id with any other guid generated manually. For example, there is a user id that I need to replace with another id once user will login to my app?

The tracker doesn’t allow overwriting of its standard, core data like the domain userid. But there is a setUserId method which sets a custom userid. Additionally, you can attach custom contexts to any or all events to track any data you wish to.

2 Likes
8

@Colm This information was really helpful. I am able to achieve what I was looking for.
Thank you so much for your help.

I have set sessionCookieTimeout to be 0 so that the session will end on browser close.
I am not setting cookieLifetime. If I am correct it will keep my userId valid for 2 years.
I was able to achieve this keeping cookieDomain to be null.
Also I am using these two values in local host to achieve my goal:
cookieSameSite: “Lax”,
cookieSecure: false,