Google Analytics Cookie Expiration

2017 UPDATE: this post from 2012 described the cookies used by "classic" Google Analytics (ga.js), which has now largely been replaced by Universal Analytics (analytics.js). While the old version of GA stored information client-side in user cookies, Universal Analytics instead uses just a single cookie to store a user ID, and then processes all the associated information on Google's servers. The main practical results of this are:
a) a visit's campaign information can't be viewed in a GA cookie anymore, and
b) session timeout information can be set within the GA Admin interface, as shown in the screenshot.
session timeout settings

 

[original post follows]

This post contains information on how long Google Analytics uses cookies to track users.  Cookies are a fundamental piece of how Google Analytics tracking works, so understanding them will greatly help in troubleshooting implementation issues or understanding reports on new vs returning visitors, traffic sources, etc.

Cookie Summary

Google Analytics has 3 main cookies: utma, utmb, and utmz.  An older version of GA had a utmc session cookie, but this has been deprecated.  There is also a utmv cookie for custom variables, but this post will focus on the 3 main cookies that you will see in every instance of GA.

The utma cookie, or "visitor" cookie has a 2 years expiration period.  Each time a user comes to the site, their cookie gets updated for another 2 years.

The utmz cookie or "campaign" cookie has a 6 month expiration period. If a user comes back to the site within 6 months, it will remember the last traffic source of that visitor. It will typically be overwritten when a user comes back to the site after using a new traffic source, unless they come back as direct traffic (by typing in the URL, clicking on a bookmark,etc). In that case,  the utmz cookie will still remember that they previously came from, say, an AdWords link and attribute their actions to AdWords.

The utmb cookie, or "session" cookie, has a 30 minute expiration period.  If a user comes back to site within 30 minutes, it gets counted as part of the same session (as long as it's the same campaign source and the day hasn't changed).

See the below table for a summary of the above.

CookieCookie TypeExpiration PeriodPurpose
utmaVisitor2 yearscreates persistent ID to track visitors across multiple visits
utmzCampaign6 monthsidentifies which traffic source brought the user to the site
utmbSession30 minutesties together all page views and actions within a visit

 

Cookie Customization

An interesting GA tweak is that the expiration period for each of these can be modified using GA's cookie timeout functions.  There are a couple reasons users might want to do this:

1) users may want to change these settings to match their business rules.  For example, their business may want to wait longer than a 30 minute period of inactivity before determining that a new session has started.

2) this can be used to match privacy policies, if certain local laws do not allow tracking users for extended periods of time or limit the length of expiration for these cookies.

The way to modify these settings is using the following 3 functions, which match to the above cookies as follows:

_utma cookie: _setVisitorCookieTimeout(enter_cookie_timeout_value_in_milliseconds)
_utmz cookie: _setCampaignCookieTimeout(enter_cookie_timeout_value_in_milliseconds)
_utmb cookie: _setSessionCookieTimeout(enter_cookie_timeout_value_in_milliseconds)

To use these functions, add them to the main tracking code block that goes on every page.

For more details please see https://developers.google.com/analytics/devguides/collection/gajs/methods/gaJSApiBasicConfiguration

 

10 thoughts on “Google Analytics Cookie Expiration”

  1. Hello,

    I was researching as to why I have utma, utmz cookies in my logs, even though I quit using analytics. It has been a week now, and I still observe those cookies. So, with expiration periods this long, it will be some time before they disappear?

    But I am assuming these cookies belong to our domains, so they can be flushed by setting a new cookie that is expired.

    Reply
  2. I was searching for this topic from the past 2 days i have to make a thesis.Awesome work and great article .
    There is a question if we add these codes in blogger along with the tracking code will they work do you prefer using all 3 of them or only one
    _utma or _utmz

    Reply
  3. Can we lengthen the time range in the time to purchase/ lat time report in analytics using any of these? I have a client with really long lag time between first visit to purchase (6-8 weeks), so 30 days is a bit useless to me.

    Reply
  4. So am I right in thinking this customization of the UTMA cookie means that it is possible to improve your unique visitors figure? I'm surprised if this isn't exploited by many.

    Reply
    • Interesting comment. There are a few ways you could change your unique visitor count - I see overstated visit/visitor counts regularly - but so far it's always been due to broken code, not on purpose! I think most companies are using GA to understand their business, not produce an inflated number. Your point may be that some advertising rates are based on visitor counts but advertisers wouldn't continue advertising if they didn't get the results they expected, right? I don't know, can you elaborate on how you might exploit the system? 🙂

      Reply

Leave a Reply to Michael Cancel reply