How Google Analytics Uses Cookies To Identify Users

Let’s talk about cookies and Google Analytics. Warning: this blog post does not talk about edible cookies. For recipes, go to the recipe section of our website. Just kidding, there’s nothing you can eat there either. It is a great resource for Google Tag Manager though!

There are many different types of cookies, edible and non-edible, but let’s address the cookie referenced in the question – the Google Analytics cookie.

The Basics of Cookies

A cookie is a small bit of information that gets stored on your computer. Cookies are browser-specific, which means Chrome and Firefox will not be able to see each other’s cookies.

Cookies are site-specific, which means that Amazon.com will not be able to access the cookies that you have saved on Facebook.com.

The Basics of Google Analytics Cookies

Let’s review how and why Google Analytics uses cookies. We’ve written some more detailed posts about this topic, so I’ll link to those when appropriate. At a high-level, here’s what you need to understand.

All versions of Google Analytics tracking that you can embed on your website use cookies to store and remember valuable pieces of information. Today, we’ll focus on the Universal Analytics implementation from Google Analytics, which really only has one cookie – the persistent _ga cookie.

The _ga cookie stores one valuable piece of information: your Client ID.

It looks something like this:

This Client ID represents YOU. You are a User, and this is how Google Analytics will recognize and refer to you (behind the scenes.)

Note: this post focuses in on cookies used to represent Users. There is a great way to identify users on your site that have logged-in with a User ID that gets passed to Google Analytics. For more details, check out the section at the bottom!

How Does This Cookie Get Its Value?

With a default, most basic implementation, when a user arrives on your website, the Google Analytics code executes and looks to see if there is a _ga cookie already present. If there is one, great! If there’s not, it will randomly generate a new Client ID for the new user.

This Client ID is in the form of four sets of numbers that are generated and then stored in a cookie on that user’s browser and computer.

What Does This Number Mean?

The Client ID is made up a few different numbers that each mean something different.

The first number is fixed at 1, which represents the version of the cookie format that’s being used.

The second number, where in my example above is a number 2, is dependent on where the cookie is set. This is actually the number of dots in the domain name that the cookie is set to (e.g. bounteous.com = 1, www.bounteous.com = 2).

The third set of numbers is randomly generated to identify different users. (Technically, a randomly generated unsigned 32 bit integer, or anything between 1 – 2,147,483,647.)

The last set of numbers is a timestamp of when a user first visited a site. This timestamp is rounded to the nearest second (not millisecond) of the users first visit.

How Does Google Analytics Use Your Cookie

The _ga cookie is used to uniquely identify users, specifically with the third and fourth set of numbers explained above. Because of this random set of numbers, users can be identified when they come back to the site.

Google doesn’t necessarily know who a user is, and for the sake of web analytics, it uses cookies to help identify and separate unique users from each other. All of the behavior that you record on your website, Pageviews, Events, Transactions, etc. – everything you send into Google Analytics includes that Client ID so that Google Analytics can piece together a user’s history on your website.

Each piece of information that you send is a Hit, and has a Client ID attached.

Google Analytics then looks for hits that have the SAME Client ID, and it connects hits that occur during the same time period into Sesssions.

A User, or a unique Client ID, will have anywhere from one to many sessions that are associated with a particular user.

Emily did a great job explaining this in her post: Understanding Scope in Google Analytics Reporting.

Here’s a modified image from her post. In this image, the “cid” is the name of the parameter that Google Analytics uses to store and identify the “Client ID.” This value comes from your cookies.

More Details About This Cookie

There’s a lot that could be covered about cookies – here are some quick hits!

How Long Does It Last?

The _ga cookie, by default, lasts for two years of inactivity. Every time a user visits your site, this extends the expiration to two years from the latest date. You can adjust this if necessary!

What About Clearing Cookies?

A hah! You’ve touched on a weakness of using cookies. There are, however, limitations. A user can clear his or her cookies at any time. If a user visits your site and sends traffic info to Google Analytics with one Client ID, then at some clears their cookies and returns to your site, they’ll get a brand new cookie and Client ID, and Google Analytics will treat that user as a New User.

You need to remember that the metric Users in the default Google Analytics reports does not refer to specific individuals, but rather, specific Client IDs, which can change for many reasons.

How About Different Browsers?

Client ID is browser-specific so it is not passed to different browsers on the same device, like two different browsers on an individual’s computer.

How About Different Devices?

Users’ cookies are not shared across devices. Different browsers or devices will result in different cookies and therefore different users. How many browsers do you use to access the internet? Do you ever visit the same sites on different devices? You can spot the problem here.

But I’m Logged into Chrome…

It is possible to create a profile on Chrome with your login. You can have a personalized homepage, sync bookmarks, and have multiple users on the same computer. Unfortunately, the cookie is not passed between these logged in sessions and therefore a single user logged into Chrome on different devices will be seen as two users. Perhaps someday it will be possible to track logged in Chrome users as the same person, but until then, there’s not much you can do!

What About Subdomains and Cross-Domains?

Remember that cookies are site-specific. If you have either Subdomains or Cross-Domains that you are tracking together in Google Analytics, then you need to verify the following two parts.

The default Google Analytics implementation is designed to work across subdomains automatically. (Remember, two subdomains would look like: “blog.example.com” and “www.example.com.”) So if someone travels between those two sites, they’ll keep the same cookies. However, many people don’t use the default implementation from Google Analytics, or they haven’t updated in years, or they’re using Google Tag Manager and haven’t thought about this issue. Read more about subdomain tracking.

Cross-domains are a totally different animal. (Remember that cross-domains would look like: “exampleblog.com” and “coolbusiness.com.”) In this case, your cookies will absolutely not be shared between the sites, unless you set up Cross-Domain tracking with Google Analytics. Read more: Do I Need Cross-Domain Tracking?

Using the Client ID For Troubleshooting

Lastly – knowing and understanding about the Client ID can be very helpful in troubleshooting common issues like subdomain tracking errors, cross-domain tracking, Iframes … you name it.

Check out a few posts:

• Avoid the Facepalm: 5 Common Mistakes in Your Google Analytics Tracking Code
• Google Analytics and Google Tag Manager Debugging Tools

Cookies are useful for a number of reasons and are the backbone of most web analytics tracking. Understanding how they work and potential downsides of the basic Google Analytics tracking can be helpful in identifying tracking errors and better describing your data from Google Analytics.

There is a newish feature in Google Analytics that is designed to give you even better information – the User ID. Where cookies are generated randomly and are used to represent anonymous visitors, the User ID is handy for sites where you actually know who the person is. In this case, you can tell pass a non-personally-identifiable identifier to Google Analytics and that can be used to stitch sessions and users across browsers and devices!

More on User ID in Google Analytics:

• User-ID: Measuring Real Users Instead of Devices
• Google Analytics User ID Strategies for Sites with Limited or No Login
• Ways to Incentivize Website Log Ins for More User ID Data
• User ID in Google Analytics and Ethics