How can I deactivate Fingerprinting?

I surfed on a site with “cookie_id”: “5af73fd4feaff957”.

Then I deleted all my cookies.
I reloaded the page and got a different cookie ID: “cookie_id”: “f53485eed106d99d”.

In the tracker debugger however, all requests appear as coming from the same user.

That is imho rather unexpected, and I am not sure if that is privacy-compliant, as a user who deletes their cookies expects to not be recognized as the same user again after that.

Is there a way to deactivate the fingerprinting? I could not find anything in the docs.

Hi there. You have to disable Session ID in the Site & app settings.


Thanks, I would have never guessed that… Maybe the article could be changed a bit?

E.g., later down, it suddenly mentions “device fingerprinting”, while this term is never used above:
“Now we’ll show you how your data can differ after turning off device fingerprinting. We’ll also compare other options used for collecting data so that you know how combining them can affect your data.”

But please correct me so I understand everything:

  1. If I turn off Session ID, Piwik Pro will still stitch together Sessions (based on the Visitor ID cookie)
  2. Turning off the Session ID actually turns off Fingerprinting, not Session recognition (which happens on the server)?

Update: I just deactivated the Session ID for a site, but the _pk._ses Cookie is still being generated - so Session ID and Session Cookie are not the same, got it. I can however verify that the User is not reidentified as the same user after deleting their cookies.

The thing is it’s not exactly a fingerprint even though it works similarly when it’s active. The biggest difference is that it expires after 30 mins of inactivity and cannot be used to recognize returning visitors nor create user profiles.

  1. If I turn off Session ID, Piwik Pro will still stitch together Sessions (based on the Visitor ID cookie)

Yes, assuming that you didn’t change the default settings for that in the Site & app settings.

  2. Turning off the Session ID actually turns off Fingerprinting, not Session recognition (which happens on the server)?

Yes, session recognition is always done on the server.

Yes, the _pk_ses.* cookie has nothing to do with the analytics session recognition that is done on the server side. The name is confusing, but it’s part of our Matomo legacy. This cookie is mainly used to update the visits counter in the _pk_id.* cookie. This counter is used to generate some of the engagement reports, e.g. a table showing users grouped by no. of sessions or no. of sessions needed before the first order.


thanks, that helps! adding some more text to reach 20 characters…