Cookies and localStorage in snippets

  • Updated
  • Optimizely Web Experimentation
  • Optimizely Performance Edge

Optimizely Web Experimentation and Optimizely Performance Edge enable you to uniquely identify visitors, track their actions, and deliver consistent experiences across page loads via persistent visitor-level cookies and localStorage. Each cookie Optimizely Experimentation sets stores a different set of data. See Intelligent Tracking Prevention and Optimizely Web Experimentation for more information.

Optimizely Performance Edge and Optimizely Web Experimentation use cookies the same way, so this information applies to experiments created with either version of Optimizely Experimentation.

Do not directly reference the cookies and localStorage keys in code, as the specific data format and the cookies may change over time and break your experiences. Instead, use the JavaScript API for Optimizely Web Experimentation.

If your Optimizely Experimentation account uses custom snippets, you might see more than one snippet listed for your projects. See Custom snippets in Optimizely Web Experimentation for more information. 

Beginning with iOS 12.2 and Safari 12.1 on macOS High Sierra and Mojave, Intelligent Tracking Protection 2.1 is the new default behavior. All client-side cookies (cookies set from JavaScript via document.cookie) have a maximum 7-day expiry period.

Cookies

Optimizely Web Experimentation's JavaScript snippet uses cookies to store some data in visitors' browsers. These are first-party cookies.

When developing experiences on your site, use the JavaScript API.

Do not reference the cookies and localStorage keys directly, as they may change at any time.

If Optimizely Web Experimentation or Optimizely Performance Edge is implemented within a third-party frame (a frame or iframe whose domain differs from the domain of the page), the cookies that it needs to read and write are considered third-party cookies.

These cookies are likely to be rejected in browsers like Safari and Firefox. Starting with Chrome 80, these cookies are still supported, but only if they explicitly include the Secure; SameSite=None; directives. See Chromium Blog for more information.

You can configure the Optimizely Web Experimentation snippet to set its cookies with these directives. Please file a support ticket to enable this setting if you currently run experiments within a third-party frame.

The following are descriptions of all cookies that Optimizely Web Experimentation and Optimizely Performance Edge set:

optimizelyEndUserId

  • What – Stores a visitor's unique Optimizely Experimentation identifier. It is a combination of a timestamp and a random number. No other information about you or your visitors is stored inside.

  • Example value – "oeu1383080393924r0.5047421827912331"

  • Expiration 6 months from last page visit, or a period of your choice (per the setCookieExpiration and extendCookieLifetime APIs)

optimizelyRedirectData

  • What –After Optimizely Experimentation has executed a redirect experiment, it stores various data from the original page so that Optimizely Experimentation still has access to it on the new page.

  • Expiration – 5 seconds

optimizelyDomainTestCookie

  • What – When Optimizely Experimentation loads a URL, the snippet places the cookie to get the current domain for determining whether cross-domain syncing is possible. If successful, the cookie is immediately removed. 

  • Expiration – 6 months but the cookie is removed by Optimizely Experimentation immediately after the set action is successful.

optimizelyOptOut

  • What – Stores a boolean indicating whether the visitor has opted out of participating in Optimizely Experimentation powered experimentation. A visitor can opt out by using the opt-out tool. See

    Data Subject Rights - Third Party End Users for more information. An Optimizely Experimentation customer can set this cookie's value via the snippet's optOut API call.

  • Example values – "true", "false"

  • Expiration  10 years from the use of the opt-out tool or snippet's optOut API.

In Optimizely Experimentation, you can use the JavaScript API to set cookie domain. You can also use the API to set cookie expiration and to enable or disable the extend cookie lifetime function.

RUM cookies

For a small percentage of your visitors (less than 10%), Optimizely Web Experimentation and Optimizely Performance Edge attempt to collect performance and product usage telemetry; Optimizely collects no personal data. This process is called Real User Monitoring or RUM. Visitors who are sampled for this telemetry data have two cookies on the domain rum.optimizely.com. These are both session cookies and do not persist on the visitor's device. The domain attribute of these cookies is always rum.optimizely.com; the aforementioned set cookie domain API has no effect on these. See Cookie domain for more information. 

AWSELB

  • What – Enables sticky sessions. RUM requires sticky sessions. See AWS load balancer documentation. for more information. Its value is random data.
  • Example value
    "799B7FFB1A5DA8D5E09A5D5213B368BD54D987883D4B3B3193567422FA84E59605DE048B6A4B6B488C4DAEFC462F7170F3506CF8FB2F0CBDAA360D722F3F52CFE3A55DF331A5DE690D18747252F1146EF3D3629B00"
  • Expiration – N/A; it is a session cookie.

optimizelyRumLB

localStorage

Optimizely Web Experimentation and Optimizely Performance Edge store data under the following keys in localStorage.

Keys set by Optimizely Experimentation

The following are keys set by Optimizely Web Experimentation, Personalization, and Optimizely Performance Edge. {visitorId} is dependent on the visitor ID and stored in the optimizelyEndUserId cookie, and {projectNamespace} can be a project ID or its account ID depending on whether the project is linked. See Custom snippets in Optimizely Web Experimentation for more information. 

When developing experiences on your site, it is important to use the JavaScript API. Here are resources for Optimizely Web Experimentation.

Do not reference the cookies and localStorage keys directly, as they may change at any time.

visitorId is a combination of a timestamp and random number. No other information about you or your visitors is stored inside.

  • optimizelyData$${visitorId}$${projectNamespace}$$event_queue – Stores event instances that are waiting to be added to the previous ...$$events key.
  • optimizelyData$${visitorId}$${projectNamespace}$$events – Stores event instances that describe actions the visitor takes on your website.
  • optimizelyData$${visitorId}$${projectNamespace}$$layer_states – Stores bucketing decision (variation and holdback assignment) for each layer in Optimizely Web Experimentation and Optimizely Personalization.
  • optimizelyData$${visitorId}$${projectNamespace}$$session_state –Tracks the session identifier and timestamp, which helps Optimizely Experimentation identify sessions for analytics purposes.
  • optimizelyData$${visitorId}$${projectNamespace}$$variation_map – Records the variation that the visitor sees for each experiment. This allows Optimizely to deliver a consistent experience on successive page loads.
  • optimizelyData$${visitorId}$${projectNamespace}$$visitor_profile – Stores the visitor's values for various audience conditions.  This is important for sticky conditions like Ad Campaign, Source Type, and Referrer, for which the first observed value is important.
  • optimizelyData$${visitorId}$${projectNamespace}$$layer_map – Stores bucketing information within mutual exclusion groups.
  • optimizelyData$${visitorId}$${projectNamespace}$$tracker_optimizely – Temporarily stores the events which send in batches to the Optimizely Experimentation Event API.
  • optimizelyData$${visitorId}$${projectNamespace}$$pending_events – Temporarily stores XMLHttpRequest information, enabling the snippet to reliably send requests (e.g., to the Event API) even if the visitor navigates to a new page while a request is in progress.
  • optimizelyData$${visitorId}
  • optimizelyData$${visitorId}$$events
  • optimizelyData$${visitorId}$$event_queue
  • optimizelyData$${visitorId}$$layer_states
  • optimizelyData$${visitorId}$$session_state
  • optimizelyData$${visitorId}$$visitor_profile
  • optimizelyData$${visitorId}$$variation_map

Origins

Unlike cookie data, localStorage is scoped to a single origin. An origin is a combination of a specific hostname, protocol, and port on your site. Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages. See Same-origin policy in Mozilla documentation. 

This is an example of pages that do not have the same or different origins as https://shop.example.com:

  • http://shop.example.com (different security protocol)

  • https://example.com (different subdomain) 

The documented localStorage keys are set on every domain that uses Optimizely Experimentation.

For Optimizely Web Experimentation or Optimizely Performance Edge to recognize visitors across your pages and deliver consistent experiences, each visitor's data replicates on all of your subdomains by routing it through another origin: https://{yourAccountId}.cdn.optimizely.com/.  Your visitors' data is set on that origin as well, and on every page load with an Optimizely Experimentation snippet on it, Optimizely Experimentation makes an async call to this origin to sync this data. This syncs information across origin as well as across subdomains. See Cross-origin tracking for more information. 

Optimizely Web Experimentation and Optimizely Performance Edge do not combine visitor data from multiple accounts.