Hi,

This sounds like #15000 which has been fixed in #15107

Hmm yes almost :D But as I understood for #15000 & #15107 the issue was that the testcookies were generated while disableCookies was set. We don't set this option and it happens anyway.

Hi,

The only way to detect if a browser is supporting cookies is to set one and check if it is set. So Matomo does need to set this cookie to work (unless you disable cookies).

It's actually a feature and was needed to avoid some warnings or so in IE. The cookie is immediately deleted again so it shouldn't be an issue. And it's a cookie that isn't tracking you or anything. It's just to check if cookies are enabled so reckon it shouldn't be an issue. Happy to reopen the issue if it is an issue.

Thank you for your quick response. Ok so I think we have an issue on our page, because the testcookies are not deleted and thats why I was confused.
Best regards

The cookies are deleted but you can't see this right away. To see that they were deleted you would basically need to remove the tracking code, and then reload the page. You can otherwise also see the cookie that it has been deleted by looking at the expiry date which should be in the past.

I checked this on two sites but in may cases the expiry date of _pk_testcookie is updated even after calling _paq.push(["deleteCookies"]);. Well, always to the current time so the expiry date is in the past but i would expect that _paq.push(["deleteCookies"]); also deletes the _pk_testcookie – as it does with _pk_ses and _pk_id. So it stays a little bit confusing to me.

Setting an expiry date in the past is basically how you delete cookies. We do it like this for all our cookies also when you call deleteCookies. It should be removed if you remove the tracking code from your site for a test on the next page reload

BTW we are making improvements to this in #15225 so in most browsers it won't set a test cookie anymore and we will also set max one per domain if a test cookie is needed

Thanks for explaination! But unlike the _pk_ses and _pk_id cookies, the _pk_testcookie does not disappear in Firefox (or Chrome) Devtools when calling deleteCookies. Even if the page is reloaded without tracking code! I've testet that some time ago and didn't have this "issue" – the _pk_testcookie was never set in the (or a) past version of MATOMO.

Feel free to test the behavior on my site, where MATOMO is loaded or removed via a Opt-IN cookie consent banner:

• visit my site
• click the button "Einverstanden" in the cookie consent banner to enable MATOMO tracking
• check Devtools to see if the three matomo cookies are created
• click "Cookies" in the footer to re-open the consent banner
• click "Ablehnen" in the consent banner to disable MATOMO (calls deleteCookies and disableCookies and reloads the page)
• now the _pk_ses and _pk_id are gone, but _pk_testcookie is still there -- even if no HTTP query is sent to my MATOMO installation any more
• you may reload the page another time but _pk_testcookie stays intact and the expiry date gets updated (oddly enough not on every reload but after a minute or so ...)

If interessted you will finde the JS code I used for the Opt-IN on my blog (germany only but code commented in english). I used this code multiple times and never had that issue before – but now reproducible on multiple sites updated to the latest MATOMO version.

BTW just commented one minute before your comment in #15161 (comment) in firefox it shouldn't even be set anymore in the future.

I can reproduce your steps and have an idea by what it is caused 👍