5

I'd like to link the current visitor's IP to a specified user ID (via PHP) which Piwik should track across several (sub)domains.

There are several (sub)domains and I want to give a visitor (IP), who is logging in at secure.example.com, a unique UserID to track him on all other domains. The link "IP -> UserID" at login should be made in PHP (Piwik Tracking PHP Client -> setUserId). The "normal" page tracking on all domains (including secure.example.com after login) should be based on JavaScript (Piwik JS tracking snippet).

Example domains:

  • www.example.com (siteId 1)
  • support.example.com (siteId 2)
  • secure.example.com (siteId 3)
  • www.anotherexample.com (siteId 4)

My current PHP login tracking code (called on secure.example.com/login):

<?php
require_once 'PiwikTracker.php';

$siteId = 3;
$apiUrl = 'http://piwik.example.com/';
$userId = '[TESTUSER]';

$piwik = new PiwikTracker($siteId, $apiUrl);
$piwik->enableCookies('*.example.com');
$piwik->setIp($_SERVER['REMOTE_ADDR']);
$piwik->setUserId($userId);
$piwik->doTrackEvent('Login', 'Login', $userId);
?>

The JS tracking code for all other pages and domains (siteId changes):

<script type="text/javascript">
var _paq = _paq || [];
(function(){ var u="//piwik.example.com/";
    _paq.push(['setSiteId', 1]);
    _paq.push(['setCookieDomain', '*.example.com']);
    _paq.push(['setDomains', '*.example.com']);
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['trackPageView']);
    _paq.push(['enableLinkTracking']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.defer=true; g.async=true; g.src=u+'piwik.js';
    s.parentNode.insertBefore(g,s); }
)();
</script>

In Piwik config.ini.php I set the following values:

[Tracker]
enable_fingerprinting_across_websites=1
use_third_party_id_cookie = 1
visit_standard_length = 1800
window_look_back_for_visitor = 86400

My problem is: when I log into secure.example.com and then visit support.example.com (or www.example.com etc.), Piwik does not link these visits to the UserID I set before. In addition, if I overwrite the UserID for the current visitor, it won't change in the Piwik backend.

1 Answer

0

From the description of what you're trying to do it seems like you might benefit from going stateless for your setup. I use PHP for my backend as well.

JWTs seem like they might be a good fit for you. A JWT is essentially an encrypted JSON token that you give to the client; the client then sends the token with every request to the server, and the server validates that instead of trying to maintain a session. This means that you can have the client send that token to any one of your domains and have a standard system for validating any requests from that client. You can whitelist certain domains or even areas within domains etc.

I've linked the white paper below. Along with some other relevant links associated with it.

Note that it's recommended to send the token in the HTTP request header. I use the Authorization Bearer header. But I've seen some implementations using cookies; they recommend not sending it in query strings.

Pretty sure this is how larger orgs track you so thoroughly online.

Stateless designs are very interesting to set up because of the requirement to authenticate literally every request made to the backend.

Hope this helps, let me know if you have any questions.

JWT Best Practices

JWT White Paper

JWT Claims

JWT Current Best Practices (This might be a duplicate, but I read it anyway)

Andrew
  • 399
  • 6
  • 15
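
The token flow the answer describes, as an added example that is not part of the original answer: a PHP backend issues an HS256-signed JWT carrying the user ID at login, and any host verifies it from the Authorization Bearer header, checking the algorithm, signature, expiry and a host allowlist in `aud`. The function names, the secret and the claim layout are assumptions; with HS256 the payload is signed but only base64url-encoded, so the client can read it.

```php
<?php
// Added example (not from the original answer); names and the secret are assumptions.
const JWT_SECRET = 'constructed-demo-secret-do-not-reuse'; // load from a secret store in practice

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}
function jwt_issue(string $userId, array $aud, int $ttl = 900): string {
    $now  = time();
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode(
        ['sub' => $userId, 'aud' => $aud, 'iat' => $now, 'exp' => $now + $ttl]));
    $sig  = b64url_encode(hash_hmac('sha256', "$head.$body", JWT_SECRET, true));
    return "$head.$body.$sig";
}
// Pull the token out of an "Authorization: Bearer <token>" header value.
function bearer_token(string $header): ?string {
    return preg_match('/^Bearer\s+([\w-]+\.[\w-]+\.[\w-]+)$/', $header, $m) ? $m[1] : null;
}
// Returns the claims array when the token is valid for $host, otherwise null.
function jwt_verify(string $jwt, string $host): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    // Pin the algorithm server-side; the token must not choose it.
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", JWT_SECRET, true));
    if (!hash_equals($expected, $sig)) return null;          // constant-time compare
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims)) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= time()) return null;
    if (!in_array($host, (array) ($claims['aud'] ?? []), true)) return null;
    return $claims;
}

// Constructed demo: issue at login on secure.example.com, verify on other hosts.
$token = jwt_issue('[TESTUSER]', ['www.example.com', 'support.example.com']);
$jwt   = bearer_token('Bearer ' . $token);
var_dump(jwt_verify($jwt, 'support.example.com'));      // host listed in aud
var_dump(jwt_verify($jwt, 'www.anotherexample.com'));   // host not listed in aud
[$h, , $s] = explode('.', $jwt);
$forged = $h . '.' . b64url_encode(json_encode(['sub' => 'someone-else'])) . '.' . $s;
var_dump(jwt_verify($forged, 'support.example.com'));   // payload changed after signing
```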