Identification and cookies

This article will help you understand:

  • The setContactId() function

  • Identification through clicking a link in an email

  • Identification on-site

  • Best practices concerning cookies and identification

  • Important steps to ensure during implementation


Identification means linking a user to a contact ID in Engage. When a user is identified, it's then possible to build an understanding of their behavior on the site and offer a personalized experience and more relevant communication.

Common situations when a visitor is identified are:

  • A contact registers as a newsletter subscriber

  • A contact registers for a loyalty program

  • A contact logs in

  • A contact completes a purchase

  • A contact uses a soft identification

Using setContactId() on identified users

As soon as a visitor is identified by the site (see the common cases listed above) the setContactId() method should be invoked.

Keep in mind that the visitor might already be identified (for example, by an email link click), and invoking this method incorrectly might clear the existing identification. The function setContactId() will not generate an HTTP request to the Collect endpoint.

va("setContactId", "contactId");

Here contactId is the Voyado Engage contact id.
Identified and non-identified tracking events

Once a contact is identified, all subsequent tracking events from the same browser are linked to them. This applies until the first-party cookie disappears or changes (for example, when another user logs into the site from the same browser). Voyado recommends that the e-com site always include the contactId in all tracking events such as cart() and productview().

Regardless of whether the contact is identified or not, all tracking events are always linked to the browser via a first-party cookie. That means anonymous tracking events can be linked to a contact ID afterwards, and the e-com site should not limit tracking events such as cart() and productview() to only identified or logged-in users.

List of relevant cookies




  • Client ID. Generated by the script and links all events to a specific contact. Life span*: 1 year

  • Contact ID (guid/shortguid). If the contact is identified in Engage this links events to them. Life span*: 1 year

*In Safari, the lifespan of all cookies created with JavaScript is a maximum of 7 days, but this can be extended using server-side cookies (see below).


The final character in _vaI is an upper-case I as in igloo. This can be hard to see in certain fonts.

Important to remember during implementation

Call setContactId() only when the user is identified by the site.

As soon as the site knows who the user is (for instance after login), setContactId() must be called with the user’s contactId. Likewise, when using the soft identification in links to sites implementing the tracking script, make sure to set the contactId from the decrypted eClub query parameter. The function should never be called with zero, empty (no value) or other invalid value, as this could potentially reset an existing identification.
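
One way to enforce this rule on the site, shown as an added example that is not Voyado's own code: a small guard that validates the value before it is passed to va(). The helper names normalizeContactId and safeSetContactId, the short-GUID pattern (22 base64url characters) and the rejection of the all-zero GUID are assumptions; adjust the patterns to the ID format your Engage account returns.

```javascript
// Added example: never let an invalid value reach va("setContactId", ...),
// since that could reset an existing identification.
// Assumption: contact IDs are GUIDs (8-4-4-4-12 hex) or 22-character
// base64url "short GUIDs". Adjust both patterns to your real ID format.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const SHORT_GUID_RE = /^[A-Za-z0-9_-]{22}$/;
const NIL_GUID = "00000000-0000-0000-0000-000000000000"; // assumption: treated as "zero"

// Returns the trimmed ID if it looks valid, otherwise null.
function normalizeContactId(value) {
  if (typeof value !== "string") return null; // rejects 0, null, undefined, objects
  const id = value.trim();
  if (id === "" || id.toLowerCase() === NIL_GUID) return null;
  if (GUID_RE.test(id) || SHORT_GUID_RE.test(id)) return id;
  return null; // rejects "undefined", "null", "0" and anything else malformed
}

// Calls va("setContactId", id) only for a valid ID.
// `va` is passed in so the guard can be exercised without the tracking script.
// Returns true if the call was made, false if the value was dropped.
function safeSetContactId(va, value) {
  const id = normalizeContactId(value);
  if (id === null) return false;
  va("setContactId", id);
  return true;
}
```

Call safeSetContactId(va, user.contactId) after login or after decrypting the eClub parameter, and log a false return server-side so that broken identification flows are noticed.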

Support for server-side cookies

The cookie _vaI (which stores the contactId) is created client-side by the script. With Apple ITP (Intelligent Tracking Prevention), all client-side cookies (and LocalStorage) have a capped lifetime of 7 days in Safari. This means that when an identified visitor doesn't revisit the site within 7 days, the cookie will expire and the script won't be able to identify the visitor using the _vaI cookie.

The cookie lifetime cap applies only to cookies created client-side (in Safari) and doesn't affect cookies created server-side. The tracking script now supports copying the value from a server-side cookie, _vaI_server, as a fallback to recreate the client-side cookie _vaI.

The cookie _vaI will be recreated, if needed, in this specific order:

  1. The site invokes setContactId() or includes contactId in an event

  2. The URL param vtid exists

  3. The LocalStorage key vtid exists

  4. The cookie _vaI_server exists

By implementing _vaI_server, identified visitors will stay identified when returning, even after 7 days have passed. To implement this, the site (server-side) should check whether the request includes a _vaI cookie. If so, the site should copy the value to a new cookie _vaI_server, give it a 1-year expiration date, and add it to the response.

An example in C#:

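// Copy a usable client-side _vaI value into the server-set cookie _vaI_server.
if (HttpContext.Request.Cookies.TryGetValue("_vaI", out var contactId) && !string.IsNullOrWhiteSpace(contactId) && contactId != "undefined")
{
    var option = new CookieOptions
    {
        Expires = DateTimeOffset.Now.AddYears(1), // 1-year lifetime, set by the server
        HttpOnly = false // the tracking script must be able to read this cookie
    };
    HttpContext.Response.Cookies.Append("_vaI_server", contactId, option);
}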