Setting of Cookies

[will 68]

Tweet

My understanding of cookies is that cookies are usually set at the point of redirect to the merchant’s website (at the affiliate network) or are they set at the merchant’s site or does it vary depending on which affiliate network you are using.

I have been messing around with firefox and under Tools>Options>Cookies you can select for the browser to ask your permission for each cookie being set. This gives you amongst other information the date which the cookie expires.

Using virgin broadband (which has a 30 day cookie) as an example as it is with most of the big networks I got the following results:

Affiliate Window: Sets a cookie set to expire in 30 days

Com Jun: Sets various cookies but none set to expire in 30 days

TD: Sets various cookies but none set to expire in 30 days

Buy.at: Sets various cookies but none set to expire in 30 days

DGM: Old DGM link not working and unable get new link from DGMPro site at the moment but I’m not worried as I got the message “The DGM development team has been notified.” LOL, at least I got as far as being able to log in today an improvement on yesterday.

Aff Future: Although virgin broadband is no longer with AF just thought I would mention that any Aff Fut link I have tested has set the correct length cookie on my pc.

I fully expected to see a 30 day cookie on my pc set by each network, but the only virgin affiliate link which set a 30 day cookie on my pc was an Aff Win link.

Am I wrong to expect to see a 30 day cookie set on my pc from each network? Do different networks work differently when it comes to setting cookies? If so is it at all possible to check that the correct cookie is being set by each network.

Will

[Rich]

What the majority of networks do is, when you first use one of their links they set a cookie with a long duration and it will contain a unique ID that identifies that user then in their database they record user A clicked a link to merchat B from affiliate C at whatever time. Then when a sales is made to that user at that merchant the network checks the database to see which affiliate was the last to send that user to the merchant, checks that it was within the cookie time and if so awards the commission.

When the user clicks another link on that network, thier unique ID cookie is already set, so the network doesn't need to set it again.

The reason for doing it this way, rather than having one cookie set on the networks domain for each merchant, is each browser only supports a limited number of cookies per domain (as low as 20 in some cases) and when another cookie tries to get set then one of the others needs to be removed. This means a cookie can get removed before it is time to expire. As you have seen some networks do still operate like this.

[will 68]

What the majority of networks do is, when you first use one of their links they set a cookie with a long duration and it will contain a unique ID that identifies that user then in their database they record user A clicked a link to merchat B from affiliate C at whatever time. Then when a sales is made to that user at that merchant the network checks the database to see which affiliate was the last to send that user to the merchant, checks that it was within the cookie time and if so awards the commission.

When the user clicks another link on that network, thier unique ID cookie is already set, so the network doesn't need to set it again.

Thanks for the detailed answer Rich. I thought this would be how it worked but was never 100% sure, i just couldnt find anything on any the networks sites explaining it.

[Rich]

I thought I'd post a summary of how many cookies different browsers can store for one domain and what happens when you try to exceed it as I had looked into it a while ago but can't see that I posted anything: -

<table border='1' cellspacing='0' cellpadding='3'><tr><th>Browser</th><th>Maximum cookies</th><th>What happends when a cookie is set when maxed out</th><th>What happends when multiple cookies are set when maxed out</th></tr><tr><td>FireFox 1.0.6</td><td>50</td><td>Newest cookie deleted</td><td>Random, but normally only one written removing the newest</td></tr><tr><td>IE 6</td><td>20</td><td>Oldest cookie deleted</td><td>Set OK, oldest removed</td></tr><tr><td>Opera 8.02</td><td>30</td><td>Newest cookie deleted</td><td>Set OK, newest removed</td></tr></table>
As you can see Firefox and Opera delete the latest cookie if there is no room for a new one. So if a user is maxed out and clicks a link to merchant A and then later a link to merchant B, both on a network that sets one cookie per merchant, the cookie for merchant A will get deleted. It's down to you to decide if a user will have 30 current cookies set at the same time (as a guide Awin have 28 merchants with a cookie lenghts of a year or longer).

The reason for the 'What happends when multiple cookies are set when maxed out' column is some networks use multiple cookies to track each merchant, Affiliate Future appear to set two. This means they can reliably track a maximum of 10 merchants in a 30 day period time for a user of IE, 15 for an Opera user - at which they hit the problem with the latest clicks' cookie being removed - and for Firefox they can track 25 after which future clicks are likely to fail to set cookies. (I say 30 day period as I think the majority of AF cookies are set to 30 days).

Thats why I prefer tracking systems that just give the user a unique ID and record the details in a database. From memory thats buy.at, POR, TD, CJ and DGMpro - though I think I've posted enough of my thoughts on DGM2-DGMpro tracking

[will 68]

Thanks again Rich, I knew there was a max cookie limit but had no idea what it was also interesting to see what different browsers do when multiple cookies are set when maxed out I just assumed the oldest would be removed.

[SmallBizSoftware]

So if we know what a merchant sets in their cookies, what's to stop an unethical webmaster from just setting a cookie with their aff id in it for every visitor in the hope that some of their traffic will visit the merchants site organically?

[Rich]

Each domain can only set cookies that can be read by its own domain. So a webmaster of mydomain.com can't set a cookie that would get passed to somemerchant.com or somenetwork.com.

There are ways to fake a click on an affiliate url so as the cookies get set from the correct domains, but this is disallowed by the networks and I hope they are very tough on anyone found doing it.

[5starAffiliatePrograms]

The networks frown on unethical cookie setting but some don't police it very well.

There are lots of cookie tricks and lots of ways to do what we call "cookie stuffing". Some highly ethical affiliate managers, like 2 of my outsourced affiliate management clients - AMWSO and PartnerCentric, add anti-cookie stuffing rules to their program TOS.