Cookies¶
The Voyado Elevate Web API uses four different cookies: apptus.customerKey, apptus.sessionKey, apptus.token, and apptus.queue.
apptus.customerKey¶
The apptus.customerKey cookie contains a unique randomly generated value that enables a website to identify a visitor between sessions. This value does not directly identify the visitor and a key (which Voyado don’t have access to) is needed to connect these. The cookie is set at the first interaction with the website and is recommended to be persistent for 1 year.
The cookie is used to enable Elevate to deliver personalized content and products based on the visitors previous behavior on the site. Opting out of this cookie disables the possibility for a visitor to have a personalized experience on the site based on their own behavior.
Server side cookie¶
Retailers that use the JavaScript library client side while setting the apptus.customerKey cookie server side must set the cookie properties according to the following instructions.
The JavaScript library will use the apptus.customerKey cookie when sending requests to achieve personalisation as well as keeping the cookie updated during the life cycle of a page visit.
Cookie properties¶
| Property | Value | Description |
|---|---|---|
Name | apptus.customerKey={visitor id} | The value is either a A SHA256 hash of the id of a signed in visitor or a unique for visitors not signed in, UUID v4 is recommended. |
Path | / | The path is defined as the root of the Domain. |
Domain | Site host name | The Domain must match the host name of the site, for example www.example.com. Unless specified in the JavaScript library. |
Expires | Expiration date | The expiration date is recommended to be set to be one year into the future. When using the JavaScript library, the date is automatically set one year into the future. |
Secure | Secure or N/A | If the site is served over https, then Secure must be specified in the cookie. |
HttpOnly | N/A | The HttpOnly must not be specified as the JavaScript library interacts with the cookie. |
Example¶
The following example specifies a cookie set server side for the site www.example.com that is served over https.
apptus.customerKey=eea6c1ee-7b12-4f40-a4f4-61a59a111b98; Path=/;
Domain=www.example.com; Secure; Expires=Wed, 14 Oct 2020 07:00:00 GMT;
apptus.sessionKey¶
The apptus.sessionKey cookie contains a unique randomly generated value that enables a website to identify a session between page requests. This value does not directly identify a visitor and a key (which Voyado don’t have access to) is needed to connect these. The cookie is set at the first interaction with the website and is persistent for the duration of the session.
The cookie is used to enable Elevate to deliver the most relevant content and products based on the situation of the site. Opting out of this cookie disables the possibility for a visitor to have a personalized experience on the site.
Cookie properties¶
| Property | Value | Description |
|---|---|---|
Name | apptus.sessionKey={session id} | A unique UUID v4. |
Path | / | The path is defined as the root of the Domain. |
Domain | Site host name | The Domain must match the host name of the site, for example www.example.com. Unless specified in the JavaScript library. |
Expires | Expiration date | The expiration date is recommended to be set to be one year into the future. |
Secure | Secure or N/A | If the site is served over https, then Secure must be specified in the cookie. |
HttpOnly | N/A | The HttpOnly must not be specified as the JavaScript library interacts with the cookie. |
apptus.token¶
The apptus.token cookie is a string token that should only be set when a visitor signs in to a site. It is recommended to only set the apptus.token cookie server side.
The token is obtained by signing the customerKey with the retailers Web API privateKey (as received by Voyado during the cloud configuration) and provides Elevate information that the visitor is signed in. This allows Elevate to verify that the customerKey format is correct, and if the customerKey leaks or becomes public, the visitor data is still safe as the privateKey-signed token is required.
Cookie properties¶
| Property | Value | Description |
|---|---|---|
Name | apptus.token={string token} | A string token obtained by signing the customerKey with the retailers Web API privateKey. |
Path | / | The path is defined as the root of the Domain. |
Domain | Site host name | The Domain must match the host name of the site, for example www.example.com. Unless specified in the JavaScript library. |
Expires | Expiration date | The expiration date is recommended to be set to be one year into the future. |
Secure | Secure or N/A | If the site is served over https, then Secure must be specified in the cookie. |
HttpOnly | N/A | The HttpOnly must not be specified as the JavaScript library interacts with the cookie. |
apptus.queue¶
The apptus.queue cookie is used to temporarily store click and adding-to-cart notifications. As a web browser unloads the current page content when a visitor clicks a link, Elevate must ensure that all notifications have been sent. The apptus.queue cookie only stores the notifications that had not been sent before the next page is loaded. Once the notifications are sent the cookie is cleared.