Skip to main content

Cookies & storage

Client Side Cookies (JS SDK)

NameLifetimeDescriptionIs flag secureIs flag SameSiteIf deleted
_pcid13 months by default, can be configuredVisitor IDSameSite=laxNew cookie set, new visitor ID assigned
_pctx13 months by default, can be configuredPiano context storageSameSite=laxNo persistence of contextual information between Piano SDKs
_pprv13 months by default, can be configuredConsent Mode persistenceSameSite=laxNo persistence of Consent Mode, window.pdl.consent.defaultPreset.PA configuration assigned
pa_user13 months by default, can be configuredStored user informationSameSite=laxNo persistence of user information information in events
Before 6.8.0
NameLifetimeDescriptionIs flag secureIs flag SameSiteIf deleted
pa_vid13 months by default, can be configuredVisitor IDSameSite=laxNew cookie set, new visitor ID assigned
pa_user13 months by default, can be configuredStored user informationSameSite=laxNo persistence of user information information in events
pa_privacy13 months by default, can be configuredPrivacy Mode persistenceSameSite=laxNo persistence of Privacy Mode, privacyDefaultMode configuration assigned

Server Side Cookies

NameLifetimeDescriptionSecure flagSameSite flagHTTPOnly flagIf deleted
idrxvr13 monthsLegacy Server Side Visitor IDNew cookie set, new visitor ID assigned
atidx13 monthsServer Side Visitor IDNew cookie set, new visitor ID assigned
atid13 monthsMain Server Side Visitor IDSameSite=noneNew cookie set, new visitor ID assigned

Piano Analytics Mobile SDKs

Storage keyLifetimeDescription
pa_vid13 months by default, can be configuredVisitor ID
pa_uid13 months by default, can be configuredStored user information
pa_privacy13 months by default, can be configuredPrivacy Mode persistence
pa_crashUntil app relaunchCrash information
pa_lifecycleNo expirationApplication lifecycle

If you're migrating from SmartTag SDKs to Piano Analytics SDKs, we still use the atuserid cookie (visitor identification) so as not to cause a break in the detection of the visitor. As soon as this atuserid cookie is deleted, we replace it with _pcid cookie. Same applies to pa_vid (legacy value of PA SDK visitor cookie ID).

The atauthority cookie (Privacy) is not used anymore. Please implement Consent methods to deposit the new _pprv cookie instead (or Privacy methods if your use mobile SDKs).

Same applies for legacy atidvisitor cookie ("identified visitor" detection, now "user"). Please implement Users methods to deposit the new pa_user cookie instead.