Introduction to Using Cookies for Tracking Activity on a Website

By January 31, 2013Analytics

What are cookies?

Cookies are small snippets of text which anonymously identify a unique browser visiting a website. delete-cookies (174x200)Cookies can be used to save user data like username & password to make repeated sign-ins to a website easier, to track “state” or navigation, so that a browser can leave a web session and return later and find the same product in their shopping cart, or can review recent products.

Cookies are also used to collect behavior data on a website or marketing campaign.

When a web browser sends an HTTP request to a web-server, asking to view a page, the server replies with an HTTP response, which often contains “set-cookie”, an instruction to store a store a small text file. If the browser accepts, the file will be stored on the computer and sent back to the web-server along with future HTTP requests.  Cookies can be designed so that the data in them is changed by activity of the web browser or by active request from the web server.

What are the types of cookies in use today?

Cookies are generally broken down by domain and by how long the cookie lasts.

First Party Cookies

first party cookie is set using the domain of the site that the browser is visiting. When you visit the cookies it sets are all cookies, and track browser activity all over the website. First party cookies are preferable for tracking unique visitors because very few browsers reject or delete first party cookies.

Third Party Cookies

third party cookie is set by a different domain that the one the browser is visiting, for example, if a browser visits an AdTracker cookie is set by a third party ad serving application (like, for example) Third party cookies can track a user across any domains, so it will know if my screen has displayed the same Budweiser banner, how many times it was displayed across a variety of websites before I clicked it. Many browsers do not accept third party cookies, because of perceived threats to privacy, regarding tracking users across multiple web sites and recording browsing history.

Cookies are also distinguished by how long they last. A cookie that expires (and gets automatically deleted) when a user closes their web browser, or navigates away from a particular website is called a “session cookie”, and can be used to track a visit, record what items are placed into a shopping cart, or record completion of forms or surveys.

Persistent Cookies

persistent cookie lasts even after a browser leaves a website, closes their browser, or even shuts down their computer.  Persistent cookies have expiration dates anywhere from a few days to many years, and those dates can be extended by repeated visits to a site. Google Analytics uses a persistent cookie to track things like how many times a browser has returned to a certain web page.

What types of cookies are used along with Google Analytics?

Google uses 5 types of cookies, all identified with the prefix  “_utm” from an earlier version of the tracking tool, called “Urchin Tracking Module”.  All are first party cookies, to improve reliability and reduce browser rejection.

_utma   expires after 2 years, unless it is renewed. Used to distinguish users and sessions
_utmb expires 30 minutes last use , identifies a new session
_utmc   mostly deprecated, used for with older Analytics implementations that still use urchin.js
_utmz   expires 6 months after use, stores traffic source data, determines how a user arrived at a site.
_utmv   expires after 2 years, unless renewed, used by developers for custom variable data

What sorts of things DON’T cookies do well?

The one thing that cookies do really well is track use of a specific browser, as long as that user does their browsing on the same computer, with the same web browser.  If a person does some browsing in FireFox, some in IE, and some in Chrome, cookies will do a poor job of tracking their activity. If users have cookies blocked, or delete cookies when they end their browsing session, data will be inaccurate. If users continue their experience across multiple devices (home computer, laptop, work-desktop, public computer at a coffee shop or library, mobile device, etc…) it is very difficult for a cookie to identify that user as the same across all devices. For example, it isn’t uncommon for an auto buyer to visit a web-site to review vehicle features and performance 6 or more times, on 3 or 4 different devices before purchase. These could easily show up as 4 unique visitors each visiting once or twice, which would send very different signals through Analytics and might impact design or content decisions. How do you evaluate “how many visits to purchase” in this environment?

Rejecting Cookies

When people delete cookies after their session, the data collected on their next visit will be inaccurate.

Unfortunately (to quote Avinash Kaushik) , “Data Quality Sucks, Let’s Just Get Over It”, in other words, despite the high variability of accuracy, we have a tremendous amount of data, we make the best decisions that we can with it, and even if the data isn’t perfect, we improve and refine based on the results of our decisions. In the best case, we make decisions based on meaningful indicators, driven by purchase or other conversion data or, as my schoolmates used to say on the playground, “close counts in horse-shoes & hand-grenades”, and now it counts in web analytics as well.

Related Posts
Internet Ethics Part I: Cookies, Privacy and the Value of Content
The Evolution of Web Analytics Tech: We’ve Come a Long Way Baby!
Web Analytics as a Business: A Brief History 

Zoe Huden

Author Zoe Huden

More posts by Zoe Huden