Cookies and localStorage in snippets

  • Updated
  • Optimizely Web Experimentation
  • Optimizely Web Personalization
  • Optimizely Performance Edge

You can uniquely identify visitors, track their actions, and deliver consistent experiences across page loads with persistent visitor-level cookies and localStorage. Each cookie Optimizely Experimentation sets stores a different set of data. See Intelligent Tracking Prevention and Optimizely Web Experimentation for information.

Optimizely Performance Edge and Optimizely Experimentation use cookies the same way, so this information applies to experiments created with either version of Optimizely Experimentation.

Do not directly reference the cookies and localStorage keys in code, as the specific data format and the cookies may change over time and break your experiences. Instead, use the JavaScript API for Optimizely Web Experimentation.

If your Optimizely Experimentation account uses custom snippets, you might see multiple snippets listed for your projects. See Custom snippets in Optimizely Web Experimentation for information. 

Beginning with iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave, Intelligent Tracking Protection 2.1 is the default behavior. Cookies set on the client side with JavaScript using document.cookie can last for a maximum of seven days.

Cookies

The Optimizely Web Experimentation's JavaScript snippet uses cookies to store some data in visitors' browsers. These are first-party cookies.

When developing experiences on your site, use the JavaScript API.

Do not reference the cookies and localStorage keys directly, as they may change anytime.

If Optimizely Web Experimentation or Optimizely Performance Edge is implemented within a third-party frame (a frame or iframe whose domain differs from the domain of the page), the cookies that it needs to read and write are considered third-party cookies.

These cookies are likely to be rejected in browsers like Safari and Firefox. Starting with Chrome 80, these cookies are still supported, but only if they explicitly include the Secure; SameSite=None; directives. See the Chromium Blog for information.

You can configure the Optimizely Web Experimentation snippet to set its cookies with these directives. File a Support ticket to enable this setting if you currently run experiments within a third-party frame.

The following are descriptions of the cookies that Optimizely Experimentation sets:

optimizelyEndUserId

  • What – Stores a visitor's unique Optimizely Experimentation identifier. It is a combination of a timestamp and a random number. No other information about you or your visitors is stored inside.

  • Example value – "oeu1383080393924r0.5047421827912331".

  • Expiration – Six months from the last page visit or a period of your choice (using the setCookieExpiration and extendCookieLifetime APIs).

optimizelyRedirectData

  • What –After Optimizely Experimentation has executed a redirect experiment, it stores various data from the original page so that Optimizely Experimentation still has access to it on the new page.

  • Expiration – Five seconds.

optimizelyDomainTestCookie

  • What – When Optimizely Experimentation loads a URL, the snippet places the cookie to get the current domain for determining whether cross-domain syncing is possible. If successful, the cookie is immediately removed. 

  • Expiration – Six months, but the cookie is removed by Optimizely Experimentation immediately after the set action is successful.

optimizelyOptOut

  • What – Stores a boolean indicating whether the visitor has opted out of participating in Optimizely Experimentation powered experimentation. A visitor can opt-out by using the opt-out tool. See Data Subject Rights – Third Party End Users for information. An Optimizely Experimentation customer can set this cookie's value through the snippet's optOut API call.
  • Example values – "true", "false".

  • Expiration – Ten years from using the opt-out tool or snippet's optOut API.

In Optimizely Experimentation, you can use the JavaScript API to set the cookie domain. You can also use the API to set the cookie expiration and enable or disable the extend cookie lifetime function.

RUM cookies

For a small percentage of your visitors (less than ten percent), Optimizely Experimentation tries to collect performance and product usage telemetry. Optimizely collects no personal data.

This process is called Real User Monitoring or RUM. Visitors who are sampled for this telemetry data have two cookies on the domain rum.optimizely.com. These are session cookies and do not persist on the visitor's device. The domain attribute of these cookies is rum.optimizely.com.  The aforementioned set cookie domain API has no effect on these. See Cookie domain for information. 

AWSELB

  • What – Enables sticky sessions. RUM requires sticky sessions. See AWS load balancer documentation. for information. Its value is random data.
  • Example value – 
    "799B7FFB1A5DA8D5E09A5D5213B368BD54D987883D4B3B3193567422FA84E59605DE048B6A4B6B488C4DAEFC462F7170F3506CF8FB2F0CBDAA360D722F3F52CFE3A55DF331A5DE690D18747252F1146EF3D3629B00"
  • Expiration – N/A; it is a session cookie.

optimizelyRumLB

localStorage

Optimizely Web Experimentation and Optimizely Performance Edge store data under the following keys in localStorage.

Keys set by Optimizely Experimentation

The following are keys set by Optimizely Experimentation. {visitorId} is dependent on the visitor ID and stored in the optimizelyEndUserId cookie, and {projectNamespace} can be a project ID or its account ID depending on whether the project is linked. See Custom snippets in Optimizely Web Experimentation for information. 

When developing experiences on your site, you must use the Optimizely Web Experimentation.

Do not reference the cookies and localStorage keys directly, as they may change anytime.

visitorId is a combination of a timestamp and a random number. No other information about you or your visitors is stored inside.

  • optimizelyData$${visitorId}$${projectNamespace}$$event_queue – Stores event instances that are waiting to be added to the previous ...$$events key.
  • optimizelyData$${visitorId}$${projectNamespace}$$events – Stores event instances that describe the visitor's actions on your website.
  • optimizelyData$${visitorId}$${projectNamespace}$$layer_states – Stores bucketing decision (variation and holdback assignment) for each layer in Optimizely Web Experimentation and Optimizely Personalization.
  • optimizelyData$${visitorId}$${projectNamespace}$$session_state – Tracks the session identifier and timestamp, which helps Optimizely Experimentation identify sessions for analytics purposes.
  • optimizelyData$${visitorId}$${projectNamespace}$$variation_map – Records the variation that the visitor sees for each experiment. This lets Optimizely deliver a consistent experience on successive page loads.
  • optimizelyData$${visitorId}$${projectNamespace}$$visitor_profile – Stores the visitor's values for various audience conditions. This is important for sticky conditions like Ad Campaign, Source Type, and Referrer, for which the first observed value is important.
  • optimizelyData$${visitorId}$${projectNamespace}$$layer_map – Stores bucketing information within mutual exclusion groups.
  • optimizelyData$${visitorId}$${projectNamespace}$$tracker_optimizely – Temporarily stores the events that are sent in batches to the Optimizely Experimentation Event API.
  • optimizelyData$${visitorId}$${projectNamespace}$$pending_events – Temporarily stores XMLHttpRequest information, enabling the snippet to reliably send requests (for instance, to the Event API) even if the visitor navigates to a new page while a request is in progress.
  • optimizelyData$${visitorId}
  • optimizelyData$${visitorId}$$events
  • optimizelyData$${visitorId}$$event_queue
  • optimizelyData$${visitorId}$$layer_states
  • optimizelyData$${visitorId}$$session_state
  • optimizelyData$${visitorId}$$visitor_profile
  • optimizelyData$${visitorId}$$variation_map

Origins

Unlike cookie data, localStorage is scoped to a single origin. An origin is a combination of a specific hostname, protocol, and port on your site. Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages. See the Same-origin policy in Mozilla documentation. 

This is an example of pages that do not have the same or different origins as https://shop.example.com:

  • http://shop.example.com – Different security protocol.

  • https://example.com  – Different subdomains.

The documented localStorage keys are set on every domain that uses Optimizely Experimentation.

For Optimizely Web Experimentation or Optimizely Performance Edge to recognize visitors across your pages and deliver consistent experiences, each visitor's data replicates on all of your subdomains by routing it through another origin: https://{yourAccountId}.cdn.optimizely.com/. Your visitors' data is set on that origin as well, and on every page load with an Optimizely Experimentation snippet on it, Optimizely Experimentation makes an async call to this origin to sync this data. This syncs information across origin and across subdomains. See Cross-origin tracking for information. 

Optimizely Web Experimentation and Optimizely Performance Edge do not combine visitor data from multiple accounts.