@davbecker opened this Issue on October 13th 2019

I'm usign Matomo 3.12.0-b5 and several "_pk_testcookie" set by the hasCookie() function despite I am using "_paq.push(['disableCookies']);".

Now I'm wondern if it is a bug? Feature? Or am I missing something? Because setting cookies without the users consent could be a potential GDPR issue.

Tracking code example:

<script type="text/javascript">
        var _paq = window._paq || [];
        (function() {
            var u="URL";
            _paq.push(['setTrackerUrl', u+'matomo.php']);
            _paq.push(['setSiteId', '1']);
            var websiteIdDuplicate = 2;
            _paq.push(['addTracker', piwikUrl = u+'matomo.php', websiteIdDuplicate]);
            var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
            g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js';

matomo cookies

@Findus23 commented on October 13th 2019 Member

In theory Matomo only creates testcookies when you don't have set disableCookies.

Is it possible that the cookies were created before you changed the Tracking code and are just left on your browser?

@tsteur commented on October 13th 2019 Member

Looking at the code this seems indeed the case that they are likely from some previous test cause disableCookies is right the second method that is being executed.

I'll close this issue for now as it seems like a user issue but please comment if that's not the case. If you can reproduce an issue there after clearing please comment and we reopen. Be great to have your exact tracking code to reproduce this issue then (without your idsite and matomo URL.)

@davbecker commented on October 14th 2019

Seems right! I've tested it today with two other computers, no cookies were set. On my local machine it might be just a local config issue. Because if im deleting all cookies and the whole website data in my browser cookies are still set. Thats why I was wondering.

You guys are right, in live environment everything works as expected. Thanks for the hint! :)

@falk1020 commented on October 29th 2019

I could not solve the testcookie problem...
It is set in all browsers / all machines.
Matomo 3.12.0, just updated to this version.

Can someone help me please?

Frontend JS Code (Loading Matomo after the page is loaded)


function embedTrackingCode() {
var u="//matomo.mysecretdomain.com/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '1']);

var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; g.type="text/javascript";
g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s);

if (window.addEventListener) {
window.addEventListener("load", embedTrackingCode, false);
} else if (window.attachEvent) {
} else {

@Gregor-Agnes commented on October 30th 2019

We can confirm: Since update to 3.12.0 we get the _pk_testcookie..undefined on all installations when setting "disableCookies". Can this be confirmed and fixed? :)

<!-- Matomo -->
<script type="text/javascript">
  var _paq = _paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  (function() {
    var u="//matomo.mydomain.org/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
<!-- End Matomo Code -->

    <!-- Matomo Image Tracker-->
    <img src="https://matomo.mydomain.org/piwik.php?idsite=1&rec=1" style="border:0" alt="" />
    <!-- End Matomo -->
@C-y-b-o-t commented on October 30th 2019

I also can confirm this. "disableCookies" is enabled but "_pk_testcookie..undefined" gets set.
Matomo 3.12.0.

@stadtmensch commented on October 30th 2019

Same here. _pk_testcookie..undefined is set and I also have _paq.push(["disableCookies"]);
Matomo 3.12.0

@tsteur commented on October 30th 2019 Member

It seems detectBrowserFeatures() is executed while creating the tracking instance before the cookies are being disabled... Note: This test cookie will be deleted again right away but I understand it's still an issue.

The only thing I can image is to revert https://github.com/matomo-org/matomo/pull/14495/files

@mattab @Findus23 any thoughts?

I looked into calling detectBrowserFeatures at a later point but it seems to be used by various methods. It might still possible though with a small refactor to make it maybe work for both. Eg https://github.com/matomo-org/matomo/blob/3.12.0/js/piwik.js#L6671 would need to be removed etc.

This Issue was closed on November 6th 2019
Powered by GitHub Issue Mirror