Sometimes, you may want to turn off a session hash and not use it to track visitor sessions. This can be due to privacy laws or other reasons.
But keep in mind that without the session hash, counting visitor sessions may be less accurate. This hash helps link sessions from the same visitor. Towards the end of this article, we’ll explain how turning it off can affect your data.
To turn off a session hash, follow these steps:
- Go to Menu > Administration.
- Navigate to Sites & apps.
- Select the site or app you want to work with.
- Navigate to Privacy > Compliances.
- Turn off Use a session hash.
- This setting applies to consenting visitors, or to all visitors if you don’t ask for consent. Session hashes can also be turned on or off for non-consenting visitors in Administration > Sites & apps > Privacy > Ask visitors for consent > Collect anonymous data from non-consenting visitors. Read more
- If you turn off both visitor cookies and session hashes, each event will be treated as a new session and you won’t recognize visitors.
We’ll now show you how your data might change when the session hash is deactivated. We’ll also compare different data collection methods, helping you understand how combining them can influence your data.
|Consenting visitors or all visitors if you don’t ask for consent|
|Visitor cookies & session hash||Session hash only||Visitor cookies only||No visitor cookies & session hash|
|Mechanisms used to collect data|
|Visitor’s IP address||Yes / No (3)||Yes / No (3)|
|Capture all traffic|
|New vs. returning visitors|
|Visitor’s location||Latitude, Longitude, Organization, Provider, City, Region, Country, Continent||Latitude, Longitude, Organization, Provider, City, Region, Country, Continent||Latitude, Longitude, Organization, Provider, City, Region, Country, Continent||Latitude, Longitude, Organization, Provider, City, Region, Country, Continent|
|Channel attribution||Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models||Last-click||Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models|
|Compliant with||Countries without privacy laws, CCPA (5), HIPAA (7)||Cookie laws, HIPAA (7)||Cookie laws, HIPAA (7)||GDPR, UK GDPR/PECR (6), TTDSG (6), HIPAA (7)|
- Some triggers in Tag Manager set cookies to function correctly.
- We create a session hash to recognize the visitor’s session. We only use it for 30 minutes since the last event.
- You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
- Each event is a new session.
- You need to add an opt-out form (“do not sell my personal data”).
- Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
- If you have the Enterprise plan and have signed a BAA with us.