When you use Piwik PRO as an analytics platform, it’ll set some cookies in your browser and use your local storage in order to run smoothly. Piwik PRO will also set tracking cookies to monitor your behavior and help us spot and resolve UX issues.
In this article, we’ll describe all the cookies that Piwik PRO may set in your browser.
Cookies created in a Piwik PRO user’s browser
Here’s a list of all cookies that let Piwik PRO work correctly.
| Cookie | Piwik PRO user | Default cookie lifetime | Module | Cookie type |
|---|---|---|---|---|
| csrftoken | Always | 365 days | Administration | First-party |
| ppasid | Always | 30 minutes | Administration | First-party |
| ppas_session_saml_test | Always | 30 minutes | Administration | First-party |
| stg_debug | Optional | 14 days | Tag Manager | First-party |
| _stg_opt_out_simulate | Optional | Until the session ends | Tag Manager | First-party |
| Deprecated cookies used in versions below 18.3.0 | ||||
| app_id (deprecated) | Always | 365 days | Analytics, Tag Manager, Consent Manager | First-party |
| piwik_auth (deprecated) | Always | 24 minutes | Analytics | First-party |
| PIWIK_SESSID (deprecated) | Always | 24 minutes | Administration | First-party |
| SimpleSAMLAuthToken (deprecated) | Always | Until the session ends | Administration | First-party |
| SimpleSAMLSessionID (deprecated) | Always | Until the session ends | Administration | First-party |
Note: Piwik PRO will also set the tracking cookies in your browser because we use our own analytics platform to collect user data.
Cookie details
Here’s a detailed description of each cookie.
csrftoken
Module: Administration
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Stores a CSRF token to secure Piwik PRO forms.
Cookie value: A randomly generated string.
ppasid
Module: Administration
Expires after: 30 minutes
Extends: Automatically
Type: First-party cookie
About: Stores the session ID of the currently logged-in user.
Value: A randomly generated string.
ppas_session_saml_test
Module: Administration
Expires after: 30 minutes
Extends: No
Type: First-party cookie
About: Allows us to detect whether the user is in an SSO test process or not. It is automatically set to expired when the user is redirected back to the ACS endpoint from their identity provider.
Value: A randomly generated string.
stg_debug
Module: Tag Manager
Expires after: 14 days after using debug mode
Extends: Automatically
Type: First-party cookie
About: Helps to display your site in debug mode when you use Tag Manager. The cookie is removed after you quit debug mode.
Cookie value:
- 1: Debug mode is turned on
Created if: You use debug mode by clicking the debug button in Tag Manager or by adding the stg_debug query parameter to your site’s URL.
_stg_opt_out_simulate
Module: Tag Manager
Expires after: The session ends
Extends: Automatically
Type: First-party cookie
About: Helps to simulate opt-out in debug mode in Tag Manager by turning off all tracking tags on the debugged site.
Cookie value:
- true: Opt-out simulation is turned on.
- false: Opt-out simulation is turned off.
Created if: You turn on opt-out simulation in debug mode.
app_id (deprecated)
Module: Analytics, Tag Manager, Consent Manager
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Used to pass a site or app ID between Piwik PRO modules: Analytics, Tag Manager, Consent Manager.
Cookie value: A site or app ID.
Note: This cookie was removed in version 18.3.0, but for users who already have it set in their browsers, it’ll expire after a year.
piwik_auth (deprecated)
Module: Analytics (versions below 16.0.0)
Expires after: 24 minutes (can be changed)
Extends: Automatically
Type: First-party cookie
About: Stores user session data such as the user’s login and the token_auth parameter. If the cookie is valid, the user is considered logged-in and the PIWIK_SESSID cookie is updated.
Cookie value: login=<userLogin>:token_auth=<tokenHash>:_=<signature>
- userLogin: User’s login.
- tokenHash: The md5 hash created from the user’s login and the token_auth parameter.
- signature: Checksum
PIWIK_SESSID (deprecated)
Module: Analytics (versions below 16.0.0)
Expires after: 24 minutes (can be changed)
Extends: No
Type: First-party cookie
About: Stores a PHP session ID.
Cookie value: A unique session identifier.
SimpleSAMLAuthToken (deprecated)
Module: Administration
Expires after: The session ends
Extends: No
Type: First-party cookie
About: Helps to authenticate the user with IDP. This cookie is used by the SimpleSAMLphp library.
Cookie value: A randomly generated string.
Note: This cookie was removed in version 18.3.0.
SimpleSAMLSessionID (deprecated)
Module: Administration
Expires after: The session ends
Extends: No
Type: First-party cookie
About: Helps to authenticate the user with IDP. This cookie is used by the SimpleSAMLphp library.
Cookie value: A randomly generated string.
Note: This cookie was removed in version 18.3.0.
Local storage details
Piwik PRO stores some essential functional data in your local storage. This includes things like your chosen site or app, report date range and selected filters or lists.