Cookie Compliance

Coveo’s Hosted Services leverage cookies to provide core features of the Coveo Platform. While the use of cookies may be limited to facilitate compliance with privacy legislation, some cookies are strictly necessary for the Coveo Platform to function properly. At a minimum, Coveo requires that the Visit ID and Visitor ID cookies be enabled to provide the Hosted Services.

The Visit ID is a random and unique value generated every time a user visits the search site. The Visit ID expires after 30 minutes of inactivity.

The Visit ID cookie is required to track individual visits of users across different:

  • Visits for the same user

  • Accounts for the same user

  • Users on the same browser

The Visit ID is also necessary to train the Machine Learning algorithms, which provide Automatic Relevance Tuning (ART), Query Suggestions (QS), Dynamic Navigation Experience (DNE) and Event Recommendations (ER) to track event sequences and improve the services.

The Visit ID is generated server-side by Coveo’s Usage Analytics. Therefore, Customers cannot disable the Visit ID cookie if Usage Analytics is enabled.

The Visitor ID is a random and unique value generated when a user visits the search site for the first time. The Visitor ID expires after 365 days.

The Visitor ID cookie is required to provide the following functions:

  • Tracking unique users.

  • Training the Machine Learning algorithms, which provide [Automatic Relevance Tuning (ART), Query Suggestions (QS), Dynamic Navigation Experience (DNE), and Event Recommendations (ER) that return relevant search results and personalized recommendations.

  • Allowing authentication via SAML sessions.

  • Storing interface configuration preferences in the Coveo Administration Console.

When the Visitor ID cookie is disabled, each user visit is treated as a unique visit for the same user, regardless of browser accounts.

Coveo’s Usage Analytics can be configured to grant users the ability to opt out of cookies. However, as the Visit ID and Visitor ID cookies are considered strictly necessary for the Platform to function, Administrators should consider keeping these cookies enabled.

If the opt-out strategy requires that the Visit ID and Visitor ID cookies be disabled, then Administrators should disable Usage Analytics for users who opt-out. The JavaScript Search Framework has three functions allowing Administrators to activate or disable Usage Analytics, as well as clear local session information from the browser.

Cookie Features Visit ID Cookie Visitor ID Cookie
Unique across different visits for the same user Yes No
Unique across different users on the same browser Yes No
Unique across different accounts for the same user Yes No
Required for inserting events No Yes
Is entirely managed by the UA service Yes No
Expires After 30 minutes of inactivity 365 Days (Depends on implementation)
Can be specified in requests to UA No Yes

For more information about the Visit ID and Visitor ID, see Visitor ID and Visit ID Dimensions.

Recommended Articles