Cookies used by Marfeel

xavi.beumala · February 16, 2022, 4:38am

The Marfeel SDK sets up 2 first-party cookies in the publisher domain. The first one stores user information like the unique user identifier, the registered user id when provided, the first visit time, the previous visit time or the original referrer. The second one is a temporal cookie to store session information like the visit start time, referrer domain and landing page.

Depending on the browser capabilities and the first cookie can also be stored on local storage and the second one in the session storage.

Storage is only used when the user gives consents to do so via the publisher CMP (Cookie Management Platform).

Here’s the list of the cookies and local storage entries that Marfeel might set:

_nrbi: Stores user data both as a cookie and in LocalStorage.
_nrbic: Stores current session browsing data both as a cookie an in LocalStorage.
compass_sid: Marfeel session id.
compass_uid: Marfeel user id.
compass_rfv_$ACCOUNT_ID: RFV of the user.
___m_rec: Data about recirculation module.
marfeel-sdk-store: Localstorage with user data including achieved goals, number Flowcard impressions, experiment groups and information about HUD.

Browser feature detection

Marfeel uses feature detection techniques to assess whether a browser supports or not certain APIs.

Marfeel feature detects Local Storage and Session Storage features creating an entry on each of them. The entries don’t contain any personal neither user data and are created and deleted during the initialization of the Marfeel Tracker.

Local Storage entries

To assess whether a browser supports local storage the Marfeel SDK creates and immediately deletes a __test_local_storage entry. Here’s the function on the Marfeel SDK:

See SDK isLocalStorageAvailable method

export const isLocalStorageAvailable = (() => {
	try {
		const testKey = '__test_local_storage__';

		window.localStorage.setItem(testKey, testKey);
		window.localStorage.removeItem(testKey);

		return true;
	} catch (e) {
		return false;
	}
})();

Session Storage entries

To assess whether a browser supports local storage the Marfeel SDK creates and immediately deletes a __test_session_storage entry. Here’s the function on the Marfeel SDK:

See SDK isSessionStorageAvailable method

export const isSessionStorageAvailable = (() => {
	try {
		const testKey = '__test_session_storage__';

		window.sessionStorage.setItem(testKey, testKey);
		window.sessionStorage.removeItem(testKey);

		return true;
	} catch (e) {
		return false;
	}
})();

Tracking users across subdomains

By default the user information is tracked at the root-domain level and shared across all sub-domains. This means that a user visiting domain.com and sub.domain.com will be considered the same user, sharing all the data points like the RFV.

This default behavior can be configured so each different subdomain tracks the user independently. This is useful in situations where the root domain is a platform domain and each subdomain belongs to independent publishers. Some examples:

medium.com vs obie.medium.com vs judedoyle.medium.com
substack.com vs lenny.substack.com vs awesomepeopleco.substack.com).

Tracking users across domains and third party cookies

There are situations where multiple root domains are used under the same Marfeel Account. Some examples:

A Media publisher owning different publications siteA.com, siteB.com, siteC.com, etc.
A publisher has a publication under siteA.com and subscriptions happen under subscriptionsdomain.com

To support these scenarios Marfeel sets a third party cookie under the Marfeel owned domain events.newsroom.bi. This third party cookie allows Marfeel to reconcile a user under the domains of the publisher account. This effectively allows publishers to:

Uniquely identify the same user on the different domains siteA.com, siteB.com and siteC.com
The unique user will share her data like RFV across domains
In regards to subscriptions Marfeel provides attribution models that work across domains keeping the user uniqueness.

Cross-domain user tracking works only when third-party cookies are enabled at the user browser level. Browsers like Safari and Firefox implement different mechanisms like Intelligent Tracking Prevention (ITP) or SameSite cookies to prevent cross-site tracking.

When third party cookies are prevented:

The same user visiting siteA.com and siteB.com will be tracked as 2 different users unless the publisher provides a unified userId
Users starting the navigation on siteA.com and completing a subscription on subscriptionsdomain.com will have disconnected attribution models

The names of the third-party cookies are:

{site_id}_u
_s for temporary session
_lv for last visit