In theory Matomo only creates testcookies when you don't have set disableCookies.

Is it possible that the cookies were created before you changed the Tracking code and are just left on your browser?

Looking at the code this seems indeed the case that they are likely from some previous test cause disableCookies is right the second method that is being executed.

I'll close this issue for now as it seems like a user issue but please comment if that's not the case. If you can reproduce an issue there after clearing please comment and we reopen. Be great to have your exact tracking code to reproduce this issue then (without your idsite and matomo URL.)

Seems right! I've tested it today with two other computers, no cookies were set. On my local machine it might be just a local config issue. Because if im deleting all cookies and the whole website data in my browser cookies are still set. Thats why I was wondering.

tl;dr:
You guys are right, in live environment everything works as expected. Thanks for the hint! :)

I could not solve the testcookie problem...
It is set in all browsers / all machines.
Matomo 3.12.0, just updated to this version.

Can someone help me please?

Frontend JS Code (Loading Matomo after the page is loaded)

`<script type="text/javascript">
var _paq = _paq || [];
_paq.push(['disableCookies']); /* important for users who don't accept cookies */
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);

function embedTrackingCode() {
var u="//matomo.mysecretdomain.com/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '1']);

var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; g.type="text/javascript";
g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s);
}

if (window.addEventListener) {
window.addEventListener("load", embedTrackingCode, false);
} else if (window.attachEvent) {
window.attachEvent("onload",embedTrackingCode);
} else {
embedTrackingCode();
}
</script>`

We can confirm: Since update to 3.12.0 we get the _pk_testcookie..undefined on all installations when setting "disableCookies". Can this be confirmed and fixed? :)

<!-- Matomo -->
<script type="text/javascript">
  var _paq = _paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['disableCookies']);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="//matomo.mydomain.org/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

<noscript>
	<!-- Matomo Image Tracker-->
	<img src="https://matomo.mydomain.org/piwik.php?idsite=1&rec=1" style="border:0" alt="" />
	<!-- End Matomo -->
</noscript>

I also can confirm this. "disableCookies" is enabled but "_pk_testcookie..undefined" gets set.
Matomo 3.12.0.

Same here. _pk_testcookie..undefined is set and I also have _paq.push(["disableCookies"]);
Matomo 3.12.0

It seems detectBrowserFeatures() is executed while creating the tracking instance before the cookies are being disabled... Note: This test cookie will be deleted again right away but I understand it's still an issue.

The only thing I can image is to revert https://github.com/matomo-org/matomo/pull/14495/files

@mattab @Findus23 any thoughts?

I looked into calling detectBrowserFeatures at a later point but it seems to be used by various methods. It might still possible though with a small refactor to make it maybe work for both. Eg https://github.com/matomo-org/matomo/blob/3.12.0/js/piwik.js#L6671 would need to be removed etc.

This issue still exists in 3.13.0. We use disableCookies and the test-cookie is always set. Our tracking code looks like:

<script type="text/javascript">
  var _paq = _paq || [];
  _paq.push(['disableCookies']);
  _paq.push(['addDownloadExtensions', "webm"]);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  _paq.push(['trackVisibleContentImpressions']);
  (function(){
  var u="https://matomo.example.com";
  _paq.push(['setTrackerUrl', u+'/matomo.php']);
  _paq.push(['setSiteId', '1']);
  var d=document,
  g=d.createElement('script'),
  s=d.getElementsByTagName('script')[0];
  g.type='text/javascript';
  g.defer=true;
  g.async=true;
  g.src=u+'/matomo.js';
  s.parentNode.insertBefore(g,s);
  })();
</script>

So #15107 does not fix it for us.

This will be fixed in #15225