Adobe Analytics

nitesh__anwani · 10/27/25

Hi Folks,

I’ve received a requirement from the product team to implement anonymous tracking on the website pages to measure content consumption even when users deny performance cookie consent.

We plan to use an additional variable to indicate the user’s consent status. This will ensure that any hits collected without consent are only used for aggregate reporting and not for any re-engagement or personalization activities.

We’re currently exploring possible implementation approaches. One of the primary requirements from the Legal team is that no cookies should persist beyond the session for users who have not provided consent.

I tried setting s.cookieLifetime = "SESSION", which worked correctly for the AMCV_<orgid> cookie. However, I noticed that the s_ecid cookie still persists in the user’s browser. Since the s_ecid cookie is used to regenerate the same ECID upon subsequent sessions, this behavior does not meet the Legal team’s requirement of preventing cookie persistence beyond the session.

Could you please share any recommendations or best practices on how this requirement can be handled?

Thanks and regards,
Nitesh

Jennifer_Dungan · 10/27/25

Hi Nitish,

I assume you are using AppMeasurement and not WebSDK?

While I haven't implemented this myself (only using some demo code), to deal with the ECID you will have to use the Opt-In settings inside the Experience Cloud ID Service...

Depending on your needs, I believe you need to choose a default state and most importantly, set up the permissions:

In this example, I set the default to "false" for ECID and Analytics... if you are "opt in until otherwise told to opt out, then set the default to true. I think you would just need ECID.

I would actually make the Previous Permission a Data Element, that reads from your consent tool, and sets the values appropriately....

I think you will have to make sure that rules trigger in an appropriate order, but as soon as you are able to, read your consent model, set the JSON for your ECID into your Data Element and then this extension should respect the true or false state... If you find that the ECID is set, then later the user rejects; and the ECID is still present; you may need to have some custom code to delete the ECID cookie....

View solution in original post

Jennifer_Dungan · 10/27/25

Hi Nitish,

I assume you are using AppMeasurement and not WebSDK?

While I haven't implemented this myself (only using some demo code), to deal with the ECID you will have to use the Opt-In settings inside the Experience Cloud ID Service...

Depending on your needs, I believe you need to choose a default state and most importantly, set up the permissions:

In this example, I set the default to "false" for ECID and Analytics... if you are "opt in until otherwise told to opt out, then set the default to true. I think you would just need ECID.

I would actually make the Previous Permission a Data Element, that reads from your consent tool, and sets the values appropriately....

I think you will have to make sure that rules trigger in an appropriate order, but as soon as you are able to, read your consent model, set the JSON for your ECID into your Data Element and then this extension should respect the true or false state... If you find that the ECID is set, then later the user rejects; and the ECID is still present; you may need to have some custom code to delete the ECID cookie....

Meghan_Powers · 10/27/25

You could also check out implementing FPID which I think uses your first party ID instead of Adobe's 3rd party ID. Do NOT take this as legal guidance but that could maybe still meet legal requirements.

nitesh__anwani · 10/29/25

Hi @Jennifer_Dungan ,

Thank you for your response.

Yes, I am using AppMeasurement.

I experimented with the setup based on your suggestions, and it seems to be working as expected. Below is a summary of what I implemented:

I set the ECID value to true or false in the previous permission configuration based on the consent cookie from OneTrust.
I configured the s.cookieLifetime parameter in the Analytics Extension to control the lifetime of the s_vi cookie (returned by the Adobe Analytics server). This is necessary because analytics are assumed to be enabled in the pre–opt-in settings of the Opt-in Service ID Extension. Therefore, the s_vi cookie lifetime is now controlled based on user consent. (I found this approach mentioned in an earlier community post. https://experienceleaguecommunities.adobe.com/t5/adobe-analytics-questions/how-to-remove-s-vi-cookie... )
I also set the cookieLifetime variable in the ID Service Extension using similar logic to manage the lifetime of the AMCV cookie. However, I believe this step is no longer required, since the AMCV cookie is not set when the user denies consent in the first place.

After a quick test, everything appears to be functioning correctly.
The only observation I have concerns the s_ecid cookie lifespan. Upon consent being granted, the AMCV cookie is generated and mapped to the session-based s_vi cookie by the ID Service. While the AMCV cookie has the default lifespan of around one year, the s_ecid cookie appears to have a session-only lifespan, even after consent is accepted.

Could you please confirm if I might be missing something here?

Thank you once again for your help.

Best regards,
Nitesh

Jennifer_Dungan · 10/29/25

Again, I am not sure how Adobe handles the "post" consent opt-out... but the AMCV and ECID cookies should be set first party...

So that is why I mentioned on "opt-out" you might need to have some code to manually remove those cookies?

bjoern__koth · 10/27/25

Hi @nitesh__anwani

Web SDK doesn't work without cookies and the session based cookie setting would also be a grey zone your legal team has to sign off. A session cookie remains a cookie even though it is limited in lifetime.

In the past, I have used a truly cookieless, fully anonymous through the use of a proxy that stripped outgoing and incoming cookies, but that was also with AppMeasurement and I cannot say whether this would still work with Web SDK and the way the Edge network works.

Bottom line, respect the users' cookie consent and accept the fact that you'll lose maybe 30% of trackable data. It is like it is and the Wild West times when one - and especially marketeers could do, and did - whatever you wanted are finally over xD

Analytics is about trends, and not an exact science I always try to tell my clients.

Cheers from Switzerland!

Sergei_Kalinichenko · 10/29/25

Hi Nitesh,

May I kindly ask about legal justification that your team is using?

Wondering because I had several attempts with legal team and these always ended quite strictly: following GDPR until user explicitly consents for tracking we do not register even a first hit.

What is about session cookie?

Best,

Sergei

Adobe Analytics

Implementing Anonymous Tracking for Non-Consent Users

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe