What is a session and how is it counted?

A session is a visit to your site or app from a single visitor. It consists of events like page views, downloads, ecommerce conversions and the like.

A session starts with the first event and ends 30 minutes after the last event. This means that when the time gap between two events is longer than 30 minutes, a new session is created with the second event. 

During the first session, a visitor is marked as New visitor. When they visit again, they are marked as Returning visitor.

Piwik PRO recognizes visitors using three methods:

• Visitor ID: Our JavaScript tracker sets a vistior cookie (_pk_id.*)  in the visitor’s browser and assigns a unique identifier called a Visitor ID. The tracker uses that ID to recognize the visitor. 

  The cookie expires after 13 months by default (or after 30 minutes for anonymous visitors). Also, a visitor can clear cookies at any time. If that happens, the tracker will set a cookie again with a new Visitor ID.

• Session ID: Our backend tracker creates a hash for each session based on the visitor’s IP address, operating system, browser name, browser version, browser language and enabled browser plugins. During tracking, a temporary link between Session ID and Visitor ID is created. The tracker uses that link to recognize events belonging to the same session.

  The link between Session ID and Visitor ID expires 30 minutes after the last event. Since we don’t store the Session ID anywhere else, it’s impossible to determine returning visitors relying solely on its value.

  The hash itself is not available in any report, but the data used for creating it is visible in raw requests in the tracker debugger for 6 hours. After that time, it’s stored in raw log format for 30 days, but it’s not available in the application interface (We store it only for security reasons: (1) to protect us against malicious actions and bots, (2) to troubleshoot any tracking issues, (3) to recover data in case of data losses.). After that time, it’s permanently deleted.

  The tracker uses Session ID as a primary mechanism to recognize sessions or as a fallback mechanism when it can’t create cookies and use Visitor ID.

  Note: If you turn off Use a session ID (Administration > Sites & Apps > Privacy > Ask visitors for consent (off) > Use a session ID (off)), the tracker will only use Visitor ID from the cookie to recognize visitors.

• User ID: This is an additional method that the JavaScript tracker can use only after you’ve set up a user ID. The User ID is any unique identifier that you can pass from your site or app to the tracker. It can be the same user ID as in your CMS, CRM or sales system.

  The User ID has the highest rank among mentioned identifiers. If available, the tracker uses it instead of other methods.