Dynatrace Real User Monitoring (RUM) relies on browser cookies to correlate user interactions in the browser, for example user actions, with general page and backend performance metrics.
Cookies are used to:
- Monitor site performance
- Analyze website usage
- Track user behavior
HTTPOnly flag. Cookies must be included with each request so that user actions can be correlated with backend performance.
You can use the
Secure cookie flag, however this leads to loss of visibility into any unencrypted HTTP communication.
The following table provides an overview of cookie usage in Dynatrace. These are all first-party cookies.
Possible keys are:
|session||No set limitation but usually less than 100B||Tracks a visit across multiple requests.|
||<numeric value>||session||5B||Measures server latency for performance monitoring.|
||<serverID>$<randomValue>_<currentMillis>v<randomValue>e<eventCount>||session||58B||Required to identify proper endpoints for beacon transmission; includes session ID for correlation|
||<URL-encoded action name>||session||Max number of characters in the URL||Intermediate store for page-spanning actions.|
||<visitorID>||permanent||45B||Visitor ID to correlate sessions.|
dtSa cookie is used to save user action names, such as
Cookie opt-out capability
Dynatrace cookies are essential for providing you with all the benefits of Real User Monitoring. If you provide your users with the option to decline the use of these cookies, Real User Monitoring won't work to its full potential.
To provide your end users with a cookie opt-out capability, Dynatrace must be configured appropriately. Usually Dynatrace creates tracking cookies automatically. When using cookie
Note: To configure Cookie opt-out mode please see How do I configure Real User Monitoring for privacy?.
When a lot of cookies are in use, some browsers delete a few cookies at random. To avoid losing data from such deleted cookies, Dynatrace stores backups of all cookies. When Use persistent cookies for user tracking is enabled, this backup is stored in
localstorage. Otherwise, it's stored in
Dynatrace stores backups of the following cookies:
Note: The backup of
dtCookie is always stored in
sessionStorage and the backup of
ruxitagentjs_<appid or empty>_Store is always stored in
Dynatrace also uses
Dynatrace allows you to set the
Secure cookie attribute for all cookies that are set by Dynatrace. By applying this attribute (i.e, flag) on the
set-cookie header, you can ensure that the browser sends these cookies only over secure connections.
Note that Dynatrace cookies don't support HTTPOnly. Cookies must be included with each request so that user actions can be correlated with backend performance. If, in such cases, you use the
Secure cookie flag, the flag may lead to loss of visibility into any unencrypted HTTP communication.
To set the Secure cookie flag:
- Select Applications from the navigation menu.
- Select the application for which you want to set the secure cookie flag.
- Click the Browse [...] menu button and select Edit.
- From the Application settings menu, select Advanced setup.
- Scroll to Cookie and header settings and enable the Use the Secure cookie attribute for cookies set by Dynatrace switch.
Note: Before enabling the
Secure cookie flag, ensure that the application is completely served over secure connections.