User tracking via cookie

User tracking via cookie

In general, the Google Analytics Tracking Code (GATC) retrieves web page data as follows:

  1. A browser requests a web page that contains the tracking code.
  2. A JavaScript Array named _gaq is created and tracking commands are pushed onto the array.
  3. A <script> element is created and enabled for asynchronous loading (loading in the background).
  4. The ga.js tracking code is fetched, with the appropriate protocol automatically detected. Once the code is fetched and loaded, the commands on the _gaq array are executed and the array is transformed into a tracking object. Subsequent tracking calls are made directly to Google Analytics.
  5. Loads the script element to the DOM.
  6. After the tracking code collects data, the GIF request is sent to the Analytics database for logging and post-processing.

Requesting an image is pretty standard practice for analytics services “requesting” something as a means of sending something to a third party server. The reason this call really make sense is that you’re not actually requesting an important resource to be used on the page. Since we want the request itself to be as quick and overhead as less as possible.(a transparent 1×1-pixel image keeps the HTTP response very small more so because it is gif)

Below is a sample request:

utm.gif?utmwv=4.3&utmn=1464271798&×1200&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.0%20r22&utmdt=Page”>×1200&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.0%20r22&utmdt=Page title&utmhid=1805038256&utmr=0&utmp=/&utmac=cookie value

It contains a blank image, sometimes called a tracking pixel, that Google Analytics puts into HTML and all the the data of interest is added as parameters in the URL

Like Google Analytics , the tracking JS will set first party cookies for the domain.The cookies will be used to keep track of visitors and their sessions while visiting the website. The cookie data is stored in the visitor’s browser, and is sent along to Analytics server on predefined events( eg. every time a new pageview or event occurs) in the request. Relevant information from the request including cookies etc. is  extracted and saved to the database for further processing.

Finding a unique id to be set in cookie:

This will create an rfc4122 version 4 compliant guid

function createGuid()
    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
        var r = Math.random()*16|0, v = c === 'x' ? r : (r&0x3|0x8);
        return v.toString(16);


var uuid = createGuid();
>>> "e2ece964-0315-4b91-b411-20f9868ce7d4"

Main idea for uuid generation is that the collision is minimum.

How to capture data on server side code received in tracking pixel request ?

A lightweight approach is  processing boomrang beacons in

A prerequisite to enabling boomerang web beacons for your web pages,  is providing a web server component that expects incoming GET Requests for the boomerang.gif and understands how to respond to those Requests.

An excellent way to add support for boomerang web beacons is to provide a class that supports the IHttpModule interface, which works so long as you are running IIS 7.0 or later in integrated mode. In integrated mode, which is also known as integrated pipeline mode, IIS raises a pre-defined sequence of events for each and every web request. The IIS integrated pipeline provides “a single place to implement, configure, monitor and support server features such as single module and handler mapping configuration, single custom errors configuration, single url authorization configuration,”

Processing of data received at tracking pixel should be in two steps

Initially dump all the requests in a table and than parse data using a background job.This will help in performance improvement.

Question for the readers ?

What will happen if domain name of website change moving from one page to another ? How would cookie/session tracking work in that case ?

Hint: Click here