By @chrismdavis & @surebee
Introduction
With the deprecation of third-party cookies upon us (Google is promising they will be unsupported in Chrome beginning later in 2024), it is a great opportunity to discuss what this means for Target. In addition to this, we'll also give an overview of what cookies Target uses, and how they can be examined by you, the high-tech marketer, with your head full of dreams and eyes full of stars.
Cookies Set by Experience Cloud Identity (ECID) Service
Here is a handy quick reference for the various cookies the ECID Service sets and whether or not they are used by Target.
Cookie Name | First-Party | Third-Party | Usage |
AMCV_IMSOrgId | ✓ | ✕ | Used by the Visitor.getInstance function of the ID Service, enables cross-solution data sharing. |
AMCVS_IMSOrgId | ✓ | ✕ | Serves as a flag indicating that the session has been initialized. |
demdex | ✕ | ✓
| Contains a Demdex ID that persists across different domains. |
Cookies Set By Target
Here is a handy quick reference for the various cookies that Adobe Target sets.
Cookie Name | First-Party | Third-Party | Usage |
mbox | ✓ | ✕ | Stores anonymous identifiers for the visitor, needed for at.js to function properly. |
at_check | ✓ | ✕ | Temporary cookie to denote if the browser has reading/writing of cookies enabled, used to determine if the mbox cookie can be created. |
mboxEdgeCluster | ✓ | ✕ | Only present when overrideMboxEdgeServer setting is set to true in the targetGlobalSettings object. |
customerclientcode!mboxPC | ✕ | ✓ | This cookie is only present if cross-domain is enabled for the Target instance. |
customerclientcode!mboxSession | ✕ | ✓ | This cookie is only present if cross-domain is enabled for the Target instance. |
Breakdowns of Each Cookie
Now let's take a look at what each cookie's values should look like & how you can validate their values before putting this all together with the implications of third-party cookie deprecation.
Where to View Cookies In Your Browser
You can view Target cookies set on your machine by opening your browser's developer console on a page running Target and navigating to Application > Cookies (dropdown menu) > yourdomain.com(AMCV, AMCVS, mbox, and at_check, potentially along with: mboxEdgeCluster, customerclientcode!mboxPC, and customerclientcode!mboxSession depending on your implementation) or clientcode.demdex.net (demdex):
First-party cookies, filtered to cookies containing mbox in the name
Demdex cookie used by Target
ECID Service Cookies
Cookie Name | First-Party | Third-Party | Sample Value | Explanation of Value |
AMCV_IMSOrgId | ✓ | ✕ | MCMID|20265673158980419722735089753036633573 | Contains ECID for use in calls made by Adobe solutions |
AMCVS_IMSOrgId | ✓ | ✕ | 1 | The presence of this cookie acts a flag, the value will always be 1 when this cookie is set |
demdex | ✕ | ✓ | 79773591524217492541286261523230646419 | A Demdex ID, to enable the use of Audience Manager segments with Target activities |
Target Cookies
Cookie Name | First-Party | Third-Party | Sample Value | Explanation of Value |
mbox | ✓ | ✕ | PC#2301af30589147f08f804c97232d5a73.34_0#1770575577 |session#254168dac83446f599804c0884ec811a#1707332637 | Contains the PCID & Session ID anonymous identifiers |
at_check | ✓ | ✕ | true | "true" indicates that the browser has reading/writing of cookies enabled. |
mboxEdgeCluster | ✓ | ✕ | 34 | Indicates which edge server requests should be sent to when overriding defaults, you can find more info about Edge Nodes here. |
customerclientcode!mboxPC | ✕
| ✓ | ad8e6155f6164e7d9736343ff7a059c0.34_0 | Target anonymous profiled identifier concatenated with Edge Node that the session is living on. |
customerclientcode!mboxSession | ✕ | ✓ | ad8e6155f6164e7d9736343ff7a059c0 | The Session ID associated with the current Target session, sessions live for about 30 minutes on Edge Nodes before being fully resolved with the backend. Maintaining Session ID is important for avoiding unexpected changes to a Visitor Profile. |
Target Without Third-Party Cookies
Now that we have a good understanding of which cookies Target uses & why, lets talk about what happens when we lose third-party cookies and what alternatives we have.
What Is Impacted
Target relies on third-party cookies for the following functionality:
- Use of Experience Cloud segments (segments shared from Analytics & Audience Manager) that cross domains in Target activities will no longer be possible, as the demdex cookie is used as part of a seed to generate the same ECID across multiple domains under the same IMS Org.
- Cross-domain session & profile sharing relies on third-party cookies for carrying mboxPC & mboxSession from one domain to another. This functionality will also be impacted by the deprecation of third-party cookies. Profile sharing could still be achieved using a Customer ID as long as sessions are expired before crossing domains. (see section below).
What Can Be Done About This?
While these are not 1-for-1 replacements for the functionality lost by the deprecation of third-party cookies, there are a few things you can do to supplement data available to Target for targeting:
- Implementing a first-party Customer ID for Target requests so that multiple ECIDs for a visitor can be tied to one first-party ID.
- You can read more about setting Customer IDs in Target here
- Setting the same Customer ID across domains will enable sharing of the Target Visitor profile across domains so long as session on the original domain has expired, sessions cannot be shared across domains & it is important to never have concurrent session for the same Visitor Profile.
- You can pass an mbox session as a URL parameter, make sure you have a solid understanding of how Target sessions work (see info about mbox cookie for high-level details), and then talk to your Account Representative about this.
- Enrichment of the Target Visitor Profile (which is pseudonymous) is another course of action that could be considered; by passing information into Target as page or profile parameters, you can make it easier to Target individuals on subsequest visits where they may or may not have a first-party identifier present in their session. You can add extra context to Target calls through page & profile parameters, as well as through server-run profile scripts, read more about these here:
- Page Parameters - for sending information about the current request
- Profile Parameters - for sending information that should be appended to the Target Visitor Profile
- Profile Scripts - for the ability to work with page & profile parameters in a more programmatic way (scripts very closely resemble JS, but are written in Rhino, a backend JS engine written in Java)
Apple Specific Considerations
Apple has taken several measures to restrict cookie lifetime and prevent cross site tracking using their Intelligent Tracking Prevention (ITP) technology. Below are the considerations pertaining to Target cookies and how they might impact your implementation.
First and Third-Party Cookie Support and Lifetime
Cookie Type | Cookie Source | Supported? | Cookie Lifetime | Notes |
Third-Party | – | | – | – |
First-Party | document.cookie | ✓ | 7 Days | Includes sites with CNAME implementation (see section below). If a visitor returns to the site within a week of the first visit, the expiration date extends by another 7 days. |
First-Party | document.cookie AND BOTH conditions in Notes are met | ✓ | 1 Day | 1. A domain classified with cross-site tracking capabilities was responsible for navigating the user to the current webpage, AND 2. The final URL of the navigation mentioned above has a query string and/or a fragment identifier. Apple has not made it clear how exactly these domains are classified, or how a domain can determine .... |
What is CNAME in relation to Target implementations?
When implemented, Canonical Name (CNAME) support with Adobe Target, calls are made to a domain owned by the customer (target.example.com) rather than a domain owned by Adobe (clientcode.tt.omtrdc.net). CNAME allows you to handle ad-blocking issues on your site.
CNAME and relevance to ITP
With ITP 2.3 (dated 2020), Apple released a CNAME-cloaking defence feature. As a result, all first-party cookies set using CNAME cloaking will be set to expire in 7 days. Prior to ITP 2.3, CNAME was used as a method to circumvent the 7-day cookie lifetime restriction.
How is my Target implementation impacted for Safari Visitors due to ITP tracking changes?
Affected Functionality | Impact | Notes |
mbox Cookie Lifetime | Shortened Lifetime | 7 days Exception: If the cookie is set by a tracking domain (as identified by Apple) AND uses link decoration, lifetime = 1 day |
Reporting | Increased Unique Visitor Counts | If visitors revisit your site after 7 days, Target will be forced to set a new mbox cookie in place of the expired one, resulting in incremented Visitor count |
Visitor Profile and Activity Membership | Decreased Lookback Period | Profile data is erased when the first-party cookie expires. Activity membership is erased when the first-party cookie expires. Target does not function in Safari for sites using a third-party cookie implementation or a first- and third-party cookie implementation. |
Opt-Out Support | No Longer Functional | Since Target uses a third-party cookie in the clientcode.tt.omtrdc.net domain to support opt-out, the functionality is no longer available |
Conclusion
We hope this guide helped you to better understand the cookies used by at.js Target implementations. If you are still unsure of any information covered in this guide, you can browse documentation on Experience League, check out the Experience League Forums, or contact your Account Representative.