Urgent: Piwik cookie crash web server


We are tracking traffic with Piwik on our pltaform using the JS Tracker API.

Our platform is managing multiple web sites, each gets a different site id.

We saw that for every web site there is a triplet of cookie created by piwik - _pk_id, _pk_ref, _pk_sess

After getting several of these - the web server suddenly returns a 400 bad request and cannot load the relevant site. When deleting the cookies it all returns to normal.

We are not sure if this is the number of cookies that is causing it or rather the contents of the cookie.

This is really urgent as I cannot instruct users to delete cookies…all over the web.

Any advice?

Arie Fishler.

We now see that this is probably caused by the number of Piwik cookies. When it reached 48 piwik cookies - server returns a 400 bad request.

Any idea how to manage this?

What webserver is that? Nginx?

And where do you really see 48 cookies for one site?
AFAIK there should be only one returned to one domain … .

yep…nginx. It is not for one domain, we manage multiple site ids so we get 3 cookies for each

I am currently looking at this to manage the situation. Question is if there is other stuff can be done.

Thanks for the quick reply.


Is there a recommendations on setting this parameter for nginx

What would be the number of size recommended to work in accordance with Piwik?

Thank You,

I don’t know what the recommended setting is but I’m running piwik on nginx with 6k sites with the following client header settings:

client_header_buffer_size       1k;
        large_client_header_buffers     4 16k;

(and thats from the old days where one additional cookie was set for each site)

Thank you - trying that

afishler: Do you have 3 copies of the tracking code on each web page?

If visitors to the domain can be partitioned by path, I would suggest using setCookiePath().

Each site has access to its own reports thus using a different site id. The reports for each site need to be separated.

Like Anthon said, you should use setCookiePath() to ensure cookies are set only in the path where you need them, not in the overall domain space