Piwik using third-party or first-party cookies?


(edmcl) #1

From what I can tell, it appears that Piwik is using third-party cookies. Are there plans to revise the tracking to use first party cookies?


(vipsoft) #2

It depends on how you host and use Piwik.

If you host Piwik on the same domain as your web site, you’ll have first-party cookies.

If you host Piwik on a different domain from your web site, you’ll have third-party cookies.

If you have multiple domains, you can host Piwik on each domain, but on the backend, point them all to the same MySQL database server. This way, you’ll also have first-party cookies. (If you’re hosting these web sites on the same physical server, you can use soft-links to avoid multiple Piwik installations.)


(edmcl) #3

[quote=vipsoft @ Feb 16 2009, 08:47 PM]It depends on how you host and use Piwik.

If you host Piwik on the same domain as your web site, you’ll have first-party cookies.

If you host Piwik on a different domain from your web site, you’ll have third-party cookies.

If you have multiple domains, you can host Piwik on each domain, but on the backend, point them all to the same MySQL database server. This way, you’ll also have first-party cookies. (If you’re hosting these web sites on the same physical server, you can use soft-links to avoid multiple Piwik installations.)[/quote]

Yes, all true.

But this puts a significant obstacle in the way of anyone that would like to provide a hosted analytics service using Piwik. If all of Piwik’s cookies are read and written server-side, then each customer from a different domain would need to create a CNAME to point to the hosting provider’s tracking system so the cookies would be first-party for that domain. And the hosting provider would, based on your suggestion above, need to create separate code installations for each customer.

This may not be a problem if it’s 5, 10 or 20 customers. But if it’s one hundred, or hundreds or thousands, it’s likely to be a support problem on one hand, and likely to be a lot of missed opportunities on the other, because of the number of people who will simply use Google instead of thinking about CNAMEs. I think this is a scaling issue for Piwik.

From what I can tell, Google Analytics resolves this issue by creating all its cookies with client-side JavaScript, passing the values created to the server-side tracking script, which doesn’t appear to read or write any cookies directly at all. Because the cookies are all written client-side, they are all first-party and no one has to create a CNAME to point to www.google-analytics.com. And Google doesn’t have to do anything except provide a simple web-based setup process to get new customers on board. This obviously scales very well.

This is, from my perspective at least, a highly desirable scenario. I’d like to see Piwik use that same model.
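The client-side model described in the post above, as an added example that is not part of the original thread and is not Piwik's or Google Analytics' code: the page's own script mints the visitor ID, writes it as a host-only cookie, and hands it to the tracker as a query parameter. The cookie name `_vid`, the parameter names and the tracker URL are assumptions made for illustration.

```javascript
// Added example (constructed). The cookie name "_vid", the query parameter
// names and the tracker URL are hypothetical, not Piwik's or GA's.

// Hex-encode random bytes into a visitor ID.
function makeVisitorId(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Read one cookie from a document.cookie-style string ("a=1; b=2").
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Value to assign to document.cookie. With no Domain attribute the cookie is
// host-only on the page's own host, i.e. first-party. HttpOnly cannot be set
// from script, so any script running on the page can read this ID.
function buildFirstPartyCookie(name, value, maxAgeSeconds, secure) {
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax` +
    (secure ? "; Secure" : "");
}

// Reuse the visitor ID if present and well-formed, otherwise mint a new one.
// The format check stops a tampered cookie value from being forwarded as-is.
function ensureVisitor(cookieString, randomBytes, secure) {
  const existing = readCookie(cookieString, "_vid");
  if (existing && /^[0-9a-f]{32}$/.test(existing)) return { id: existing, setCookie: null };
  const id = makeVisitorId(randomBytes);
  return { id, setCookie: buildFirstPartyCookie("_vid", id, 63072000, secure) };
}

// The tracker receives the ID as a query parameter, not in a Cookie header,
// so it never has to set or read a cookie on its own domain.
function buildBeaconUrl(trackerUrl, siteId, visitorId, pageUrl) {
  const u = new URL(trackerUrl);
  u.search = new URLSearchParams({ site: String(siteId), vid: visitorId, url: pageUrl }).toString();
  return u.toString();
}

// Browser wiring; skipped when run outside a browser.
if (typeof document !== "undefined") {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  const v = ensureVisitor(document.cookie, bytes, location.protocol === "https:");
  if (v.setCookie) document.cookie = v.setCookie;
  new Image().src = buildBeaconUrl("https://stats.example.net/track", 1, v.id, location.href);
}
```

Because the tracker takes the ID from the query string, it should validate it server-side exactly as `ensureVisitor` does; the value is fully client-controlled.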


(vipsoft) #4

The Piwik Vision is to offer a great, self-hosted analytics platform.

Cookies are the least of the challenges to anyone contemplating using Piwik in some business model to offer hosted analytics.

Obligatory disclaimer: I don’t speak for the Piwik team.


(edmcl) #5

[quote=vipsoft @ Feb 16 2009, 11:35 PM]The Piwik Vision is to offer a great, self-hosted analytics platform.

Cookies are the least of the challenges to anyone contemplating using Piwik in some business model to offer hosted analytics.

Obligatory disclaimer: I don’t speak for the Piwik team.[/quote]

I’m wondering if anyone who does speak for the Piwik team could take time to chime in on this topic.

Every analytics platform I’ve looked at, including Google, IndexTools (now owned by Yahoo), WebTrends, all use first party cookies generated client side. Granted they all have a hosted, service provider model, but there is merit in this approach even for self-hosted analytics. The less work one has to do, the better, and it’s probable that even with self-hosted analytics, an organization will eventually want to track hosts in two domains on one Piwik installation.

In addition, if one of the aims is to integrate Piwik with OpenX, then I would think having the ability to write first party cookies client-side would be pretty important, assuming that OpenX can be used to advertise on 3rd party websites.


(Matthieu Aubry) #6

I agree, ideally Piwik would offer an option for first-party cookies; however, as you highlight, it would be useful for users who want to offer hosted Piwik analytics; if a Piwik user wants to offer hosted Piwik, then he would have to build this feature.

The Piwik team is already overloaded with other problems and doesn’t plan to work on this; however, technical discussions & patches are most welcome.


(Florent V.) #7

Hello,

Bumping this thread with feedback and a question.

The question first: how big a problem are third-party cookies? Do they get rejected a lot? I’ve found an article that mentions “numbers up to 40% [of users]”.

Feedback next: we plan to add decent visits tracking for a client with tens of small websites, and a few medium-sized websites. And to let them explore tracking data for all those websites in one installation/account. The plan was to use Piwik from stats.clientdomain.tld, but since most websites for this client are on different domains (clientotherdomain.tld…), the cookies from Piwik would be considered third-party cookies.

Even if you don’t intend to provide a hosted analytics service, this issue with third-party cookies and Piwik basically means that you need one installation of Piwik per web server or web hosting? What about someone who has several small websites on different shared hosting accounts? Companies with websites running on different servers (one linux, another one windows server)?


(vipsoft) #8

There is work being done (indirectly and directly) to make this happen. We agree that this is a desirable feature and have already created a ticket for this: http://dev.piwik.org/trac/ticket/557

The rejection rate of 3rd party cookies is an estimate and recited by secondary sources, but I don’t believe the methodology has ever been reviewed nor the figure independently verified.


(CreativeNotice) #9

I consider this to be a major limitation in Piwik, especially as it’s being billed as a gAnalytics competitor. I’m pretty new to Piwik though so I’m lost as to how involved a patch for this would be. Can someone more experienced in the core code explain what obstacles are in our way here?


(vipsoft) #10
  1. A decision has yet to be made on how first party cookies are to be created. Do we create it on the client/browser (e.g., GA and MS) or on the server (e.g., Y!)?

  2. What information will be stored in the FPC? If you look at ticket #403, there’s an issue re: the amount of information currently stored in Piwik visitor cookies. What can we memcache or store in MySQL?


(Matthieu Aubry) #11

See the FAQ about first-party cookies, which were implemented years ago! General - Analytics Platform - Matomo