Wednesday, 28 January, 2009

Should I use a Third party or a First party cookie

-Akshay Ranganath

In this artilce, I'd like to point out the difference between the third and first party cookies and the relative merits / demerits of both. Its based on the article by Avinash Kaushik's blog and the book "Web Analytics Demystified" by Eric Peterson. This is an important cnsideration that you should take care before starting an analytics implementation. It could determine the quality of results that you get and any privacy related headaches that may come up.

The Basics
In the world of Web Analytics, many things related to site usage is measured (generally) via cookies. According to Wikipedia a cookie is "are parcels of text sent by a server to a web client (usually a browser) and then sent back unchanged by the client each time it accesses that server". Cookies are generally of two types:

1. First party cookies
: These are the cookies that are set within the domain of the site being accessed. So, if I am using http://www.cognizant.com, a first party cookie would always be within the domain of 'cognizant.com'.

2. Third party cookies
: These are the cookies that can be set with any domain. So when accessing Cognizant, if it used Omniture for tracking would have a third party cookie set in the domain of '207.net. So in effect, a third party is a cookie that is set by a third party.

Problem with third party cookies
Generally, third party cookies are rejected by browsers (based on security settings of the browser) and most of the anti-spyware sofware.

Hence, some of the metrics that rely on cookies will be corrupt. For example, visitor measurement us dependent on the cookies. If the browsers reject them, then this metric cannot be relied upon. Note that the problem of cookie rejection is an issue with both first and third party cookies.

Another issue with the third party cookie is the visbility across domains. For example, if DoubleClick sets a cookie on http://siteno1.com would be visible even on http://siteno2.com. Such cookies are necessary for tracking ad-clicks and conversions. This is a legitimate use but, it is possible for some malacious site to set the cookie from one site and track the sites visited by the person using the browser. To avoid such problems, anti-spyware softwares strip web requests off the third party cookies.

Solution
The solution for implementing web analytics solution hence is to use rely on first party cookies. Google Analytics by default uses first party cookies. Omniture however defaults to third party cookies. You need to talk to your consultant and ensure that they switch to first party cookies and avoid getting corrupt reports.

No comments: