Sometimes you may want to turn off a session ID and not use it to recognize visitor’s sessions. It could be because you want to stay compliant with some privacy laws or for other reasons.
A session ID is a way to identify each session based on the visitor’s IP address, operating system, browser name, browser version, browser language and enabled browser plugins. It helps to recognize events belonging to the same session. Each session ID is valid only for 30 minutes. If you turn it off, your data will be less accurate. We’ll explain that at the end of this article.
To turn off a session ID, follow these steps:
- Go to Menu > Administration.
- Navigate to Sites & apps.
- On the left, pick a site or app you want to work with.
- Navigate to Privacy.
- Ask visitors for consent needs to be turned off.
- Turn off Use a session ID.
- Click Save.
Comparison of options
Now we’ll show you how your data can differ after turning off device fingerprinting. We’ll also compare other options used for collecting data so that you know how combining them can affect your data.
| Cookies & session ID | No cookies | No session ID | No cookies & session ID | |
|---|---|---|---|---|
| Mechanisms used to collect data | ||||
| First-party cookies | (1) | (1) | ||
| Local storage | ||||
| Session ID | (2) | |||
| Visitor’s IP address | Yes / No (3) | Yes / No (3) | ||
| Visitor ID | ||||
| Collected data | ||||
| Capture all traffic | ||||
| New vs. returning visitors | ||||
| Visitor’s session | (4) | |||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent |
| Events | ||||
| Traffic sources | ||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | |
| Privacy laws | ||||
| Compliant with | Countries without privacy laws, CCPA (5) |
Cookie laws | Cookie laws | GDPR, UK GDPR/PECR (6), TTDSG (6) |
- Some triggers in Tag Manager set cookies to work correctly.
- We create a session ID to recognize the visitor’s session. We use it only for 30 minutes since the last event.
- You can mask IP addresses for visitors under Administration > Sites & apps > Privacy > Mask IP addresses. The IP address informs about visitor’s location. This option removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking it can enhance visitors privacy because you won’t recognize their full location.
- Each event is a new session.
- You need to add an opt-out form (“do not sell my personal data”).
- Assuming the product is set up not to store additional device-level information like screen resolution or browser plugins. Set it up in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).