Identification and cookies

Identification means linking a user to a contact ID in Engage. When a user is identified, it's then possible to build an understanding of their behavior on the site and offer a personalized experience and more relevant communication.

Common situations when a visitor is identified are:

As soon as a visitor is identified by the site (see the common cases listed above) the setContactId() method should be invoked.

Keep in mind the visitor might already be identified (such as by an email link click), and invoking this method incorrectly might clear the existing identification. The function setContactId() will not generate a HTTP request to the Collect endpoint.

va("setContactId", "contactId");

From when a contact is identified, all upcoming tracking events from the same browser are linked to them. This applies until the first-party cookie disappears or changes (for example, when another user logs into the site from the same browser). Voyado recommends that the e-com always includes the contactId in all tracking events such as cart() and productview().

Regardless of whether the contact is identified or not, all tracking events are always linked to the browser via a first-party cookie. That means anonymous tracking events can be linked to a contact ID afterwards, and the e-com site should not limit tracking events such as cart() and productview() to only identified or logged-in users.

*In Safari, the lifespan of all cookies created with JavaScript is a maximum of 7 days, but this can be extended using server-side cookies (see below).

Call setContactId() only when the user is identified by the site.

As soon as the site knows who the user is (for instance after login), setContactId() must be called with the user’s contactId. Likewise, when using the soft identification in links to sites implementing the tracking script, make sure to set the contactId from the decrypted eClub query parameter. The function should never be called with zero, empty (no value) or other invalid value, as this could potentially reset an existing identification.

The cookie _vaI (which stores the contactId) is created client-side by the script. With Apple ITP (Intelligent Tracking Prevention) all client-side cookies (and LocalStorage) have a capped lifetime (of 7 days) in Safari. Which means that when an identified visitor doesn't revisit the site within 7 days, the cookie will expire and the script won't be able to identify the visitor using the _vaI cookie.

The cookie lifetime cap applies only to cookies created client-side (with Safari) and doesn't affect server-side created cookies. The tracking script now supports copying the value from a cookie _vaI_server created server-side as a fallback to recreate the client-side cookie _vaI.

The cookie _vaI will be recreated, if needed, in this specific order:

By implementing _vaI_server identified visitors will stay identified when returning even after 7 days have passed. To implement this, the site (server-side) should check if the request includes a _vaI cookie. If so, the site should copy the value to a new cookie _vaI_server, giving it a 1-year expiration date, and add it to the response.

An example in C#:

if(HttpContext.Request.Cookies.TryGetValue("_vaI", out var contactId) && !string.IsNullOrWhiteSpace(contactId) && contactId != "undefined")
{
    var option = new CookieOptions 
    { 
        Expires = DateTimeOffset.Now.AddYears(1), 
        HttpOnly = false
    };            
    HttpContext.Response.Cookies.Append("_vaI_server", contactId, option);
}