Tracker function 'setCookieDomain(..)' seems to have no effect

dertom · October 28, 2013, 11:12am

Hello everybody,

I tried hard last days to get it working. Searches didn’t yield any results, so as my last resort I’d like to ask for help here.

For cross domain tracking, I want to be able to read the _pk_uid cookie within a service hosted on a different sub domain.
My Piwik tracker is established on myDomain.com.
In order that the cookie is actually sent to that sub domain it needs to have the domain *.myDomain.com .
In order to achieve that I initialized my tracker in that way:


var pkBaseURL = "http://myDomain.com/";
var trck = Piwik.getTracker(pkBaseURL + "piwik.php", 1);
trck.setSiteId(4);
trck.setTrackerUrl(pkBaseURL + "piwik.php");
trck.setCookieDomain('*.myDomain.com');
trck.setDomains('*.myDomain.com');
trck.enableLinkTracking();
trck.trackPageView();

So far, so good, implemented as the manual proposes, I think.
Tracking works, can see visits, all seems to be fine. But when I look at the cookies established within Firebug or Chrome developer tools, the piwik cookies established still point to the domain myDomain.com instead of .myDomain.com.
Am I doing something wrong or is that a bug or is it a feature?
Help is much appreciated.

Best regards
Tom

matthieu · October 28, 2013, 9:58pm

It works on piwik.org as you can see _pk cookies are set on .piwik.org

dertom · October 29, 2013, 9:21am

Hey matt,

thanks for the answer. You are right. This is a good point. Had a look at the JS Code that spawns the tracker. Cannot see much of a difference.

Could it be a problem that I create the tracker on a totally different domain than the one where Piwik is hosted?
Means, the page where the tracker is created is served from myDomainBusiness.com and the domain of Piwik is myDomain.com.

matthieu · October 29, 2013, 8:45pm

the cookies are created on the domain of the website being tracked, not on the domain of the piwik server

dertom · October 30, 2013, 6:41pm

Hey,

thanks for the patience so far

Yes, for most circumstances that might be sufficient.
The thing is, that I want the piwik cookie to be assigned to a different, independent domain.
Although my service is provided on different domains, appearing as different brands, the user base is one for all.
In order to ‘recognize’ a (not signed in) user that has shortly changed the domain, it would be useful having an independent piwik cookie domain (which is the same for any domain where the service is provided).
Moreover, on a sub domain of that piwik cookie domain I have a service that is supposed to collect the piwik user id from the cookie and merge it with the HttpSession of the user. This would allow me to put backend tracking in place as well, working with the same piwik user id that is known in the browser.
And finally that is also the reason why I need that cookie to be set to an independent wildcard domain.

matthieu · October 31, 2013, 9:26pm

2 soluiions I think

enable third party cookies (see faq) but many users block them
we could implement the ability for Piwik to “forward first party cookies on click” but it’s not done yet
see also related feature: Accurate User Detection cross devices: User ID (set in JS and all other clients) · Issue #3490 · matomo-org/matomo · GitHub

dertom · November 6, 2013, 1:03pm

Hello,

sorry for my late response.

We have 3d party cookies enabled.

[quote=“3) see also related feature: [dev.piwik.org]"]”]
[/quote]
I have found that feature already and it would indeed solve my problem. Unfortunately it is not available yet, if I do not misunderstand.

Back to the 3rd party cookies; What I noticed is that in the Response headers of the tracker HTTP request, the cookie domain is actually, explicitly set for 1st party cookies. On the other hand, with 3rd party cookies enabled, the cookie domain is not set. Thus, no configuration of the cookie domain, let it be in the JS tracker or in the php config files, seems to have an effect, due it is not included in the Set-Cookie response header. Is it intended to ignore the cookie domain set on the piwik tracker to be used for 3rd party cookies, maybe for security reasons?

dertom · November 6, 2013, 2:41pm

Hello, it’s me again.

We now have a working solution. The drawback with that solution is, that the piwik source code has been changed. A colleague of mine made sure that the cookie domain set in the config.ini.php is also used for 3rd party cookies.
As my previous post suggested (which is not visible yet for me), the cookie domain is correctly put into the Response Headers ‘Set-Cookie’ of the JS tracker that requests the piwik server, but only for 1st party cookies. 3rd party cookies do not have the domain information set in the header.
The following changes to the piwik code now fixes that and allows to explicitly set the 3rd party cookie domain, at least from the config.ini.php which could look like that:


...
use_third_party_id_cookie = 1
cookie_name = _pk_uid
cookie_path = "/"
cookie_domain = ".mydomain.tld"
...

The following changes were made to the piwik source code that I got here. It’s version 1.12.
I mention that because I perceived that there seem to be different files in the GitHub repository and the version you can download from the link I just mentioned.

First of all we added the parameter ‘domain’ to the constructor of the cookie. It concerns the file
Cookie.php:


public function __construct($cookieName, $expire = null, $path = null, $domain = null, $keyStore = false)
{
    $this->name = $cookieName;
    $this->path = $path;
    $this->domain = $domain; // NEW!
    $this->expire = $expire; 
...

Eventually we adapted the usages of that construction in two files: Visit.php and IgnoreCookie.php

Visit.php


protected function recognizeTheVisitor()
{
    $this->visitorKnown = false;
    $this->setCookie(new Piwik_Cookie(
    $this->getCookieName(),
    $this->getCookieExpire(),
    $this->getCookiePath(),
    $this->getCookieDomain())); // NEW!
    $this->printCookie();

IgnoreCookie.php:


static public function getTrackingCookie()
{
    $cookie_name = @Piwik_Config::getInstance()->Tracker['cookie_name'];
    $cookie_path = @Piwik_Config::getInstance()->Tracker['cookie_path'];
    $cookie_domain = @Piwik_Config::getInstance()->Tracker['cookie_domain']; // NEW!
    return new Piwik_Cookie($cookie_name, null, $cookie_path, $cookie_domain); // CHANGED!
}
....
static public function getIgnoreCookie()
{
    $cookie_name = @Piwik_Config::getInstance()->Tracker['ignore_visits_cookie_name'];
    $cookie_path = @Piwik_Config::getInstance()->Tracker['cookie_path'];
    $cookie_domain = @Piwik_Config::getInstance()->Tracker['cookie_domain']; // NEW!
    return new Piwik_Cookie($cookie_name, null, $cookie_path, $cookie_domain); // CHANGED!
}

Now, we get our third party cookie correctly set to a wildcard domain

My hope is that these changes fit into the (don’t know how to say) “piwik coding policy” and thus could be included into the official piwik sources. This way we got an improvement of piwik itself, as well as updating piwik won’t be painful for us
Please tell me what I can do in order to introduce these changes or speed up that process and whether it is reasonable for you at all.

Regards,
Tom

matthieu · November 7, 2013, 1:11am

Hi Tom,

Good to hear you found something. It would be great if you can contribute these improvements to piwik.

To do so please issue a Pull request on github. See here for information : http://piwik.org/participate/contributing-with-git/