A cookie is a series of information saved on your browser when you visits some websites.
When you do a login or a registration on a website, normally the website will store the information that you are currently logged in (and maybe your user ID, or other data to retrieve your account) in a cookie. This is a good thing and should be the only accepted way to use a cookie.
Some websites and services use the cookies to store some informations to track the user around the Internet; due to the technical nature of cookies, a cookie stored on facebook.com could be used also on any other websites that request a resource (an ad, a banner, a fb login script...), so in this way it's possible to track all the websites visited by an Internet user.
This is bad, mainly because this tracking is almost something invisible to the current user.
We don't like be tracked on every move that we do on the Internet. It's shady and we don't know how that data will be used. For this reason, we decided to store only some simple (and not-personal) data of the visitors and just in case we made it impossible, if somebody gains access to our server, to group the visits of a single user together. Every visit on Metrical is treated as unique, not as a series of visits of the same user.
To be able to do this, we decided to never use any cookie to track the visits.
Since the privacy and the respect of the user information is so important to Metrical, we want to be transparent on how we obtain our data.
We create a complex hash (a unique string of characters) based on
- IP Address
- User Agent
- Site UUID
- Random SHA256 String stored securely on the Metrical Server
- The day of the year on our server / 2 (more on this below)
This is the sessionID. There isn't any way to decode the sessionId to retrieve the Ip Address, User Agent and the other data used. Also, using the Site UUID as a way to create the sessionId, we can't in any way correlate the same user on 2 different sites that are using Metrical to track their users.
Here are the steps that we do when we receive a visit from a user:
- 1.We calculate the session ID
- 2.We check if this session ID is already stored on a sessions table. This sessions table has only 2 fields: 'session' and 'createdAt' and it isn't in any way connected to the visits table.
- 3.If the session ID isn't already stored, we add the sessionId in the table
- 4.We create the visit. If the sessionId wasn't already present on our sessions table, we will set the field 'firstVisit' to true. If the sessionId was already present on the table, it means that the user visited the website before in the last day, so the visit is only a pageview. We don't save the sessionId as a field of the visit.
When we create a session, we want to be able to know when it was created so that every week the sessionIds that are older than 7 days (we don't need that). In this way the sessions table will only have data that are needed and will be faster to query it every time we store a visit.