We’ve migrated our documentation to a new site, which means some URLs have changed.
Subscriptions

Composer Cookies

Overview

NAME

TYPE & CATEGORY

LIFETIME

OBJECT

USER OPT-OUT EFFECT

PROCESSING PARTY

xbc

Cookie (Mandatory)

2 years

The Experience Cookie

Multiple Composer features will stop working- in particular, metering, A/B testing, adblocker conversion tracking, credits, affiliates, first-visit segmentation, and AMP reader ID linking.

2*

__tbc

Cookie (Mandatory)

2 years

The Browser Cookie (clientsite.com)

External segmentation doesn't work (LtX, DMP), basically, Composer 1X doesn't work. Tracking conversions across the board will be broken.

2

__pc_*

Cookie (Mandatory)

730 days

The Custom Cookie

The "Set cookie" action card in Composer would produce no effect, targeting based on custom cookies won't work.

2

__pls

Cookie (Mandatory)

2 years

The ESP Push List Cookie

Composer can't differentiate whether the user has already subscribed to an ESP push list.

2

__tac

Cookie (Mandatory)

90 days

The Token Access List Cookie

Access checking in Composer stops working for the edge experiences and also access check via JWT won't work.

2

__tae

Cookie (Mandatory)

2 years

The __tac Expiration Cookie

__tac will attempt to refresh on every pageload.

2

_pcus

Cookie (Optional)

1 year

The Segment List Cookie

User segment fields won’t be logged for different events.

2

_pcer

Cookie (Essential)

Session

The Edge Cookie

Integration between Edge and Site experiences won’t work.

2

_pcfe

Cookie (Optional)

90 days

The Frequency Cap Cookie

Suspension of visible impression and close click tracking, as well as the inactivation of the Frequency Cap functionality within Composer experiences.

2

__pnml

Local Storage (Mandatory)

-

List of ESP Mailing List IDs

A user will see offers to subscribe to the newsletters, even if the user is already subscribed to them.

2

__tp-customVariables

Local Storage (Essential)

2 days

The Custom Variables

No impact.

2

__tp-customVariables-expiration

Local Storage (Essential)

2 days

The Custom Variables Expiration

No impact.

More information about how Custom variables are stored is available here.

2

*1 = first-party cookies (managed by publishers), 2 = first-party cookies (managed and set by Piano), 3 = third-party cookies.

We allow publishers to define the expiration length of Piano cookies in order to comply with local laws. This must be done within a configuration parameter in our Piano script. You can specify the maximum expiration time in days using the following method:

<span style="font-weight: 400;">tp.push(["setMaxCookieExpirationInDays", 365]);</span>

This setting must be configured before the Piano script is initialized (before execution of tp.push(‘init’)).

Values entered here will dictate that our cookies must expire within the specified timeframe. This setting will affect all cookies, except for the Adblocker cookie which expires within 1 month.

For Piano ID, the default expiration time is set to 30 days (730 hrs). This value can be edited in the Piano ID configuration as described here.

The cookie always expires at its max_age, unless the setting Extend expired access in the Piano ID configuration is checked.

Name: xbc

Valuea unique ID for the browser (aka the user) and an encrypted string of hashed URLs, including the last forty URLs viewed, or all URLs viewed over the last thirty days, whichever number is greater.

Expiration: 2 years.

Purpose: The Experience Cookie enables Piano’s software to observe individual visitors over time as they browse our clients' sites.

To clarify, Piano does not store the actual URLs. Only a 6-character hash of a URL, which cannot be reversed back to the actual URL, is stored and therefore provides no visibility into the exact pages that were visited by a given user.

These hashed URLs are stored to support pageview metering, specifically enabling usage of the "Unique pages only" feature which prevents the meter from being incremented by a metered page the user has already viewed. The number of hashed URLs stored will depend on the configuration of meters. There may be up to 40 stored, again depending on how your pageview meters are configured. For example, only a handful of hashed URLs will be stored if a pageview meter is set to expire after 5 pageviews, as there is no need to store more hashed URLs in this case.

We store some other data in this cookie to support the variety of Composer features cited next which require this cookie to work. Specifically, we store A/B test variant IDs for executed A/B tests, meter data (incl. the aforementioned URL hashes, counts, reset timestamps), data about credits and the affiliate program, executed experience IDs (for the first visit execution segmentation), data required for adblocker conversion tracking and meter sharing. The Experience Cookie also contains necessary data related to AMP reader ID linking, user segment IDs, and persistent session IDs. Piano also uses this data to build reports for clients based on site usage. In addition, data from this cookie is used to perform segmentation in Composer (e.g. to show a particular offer to users who have consumed two stories within 30 days).

The data we store in this cookie is subject to change as we support new features. We obfuscate data and do not store sensitive data in order to avoid privacy concerns. Furthermore, for security purposes, the cookie is binary serialised, compressed and AES encrypted with a publisher-specific key, so it is not possible to use data from the xbc cookie by unauthorised parties in any man-in-the-middle attack scenario.

Piano’s cookie size is constrained by the RFC-defined browser limit of 4 KB per cookie. While cookies such as xbc can approach this limit in rare cases (for example, when a client runs a lot of active experiences with numerous pageview meters), this is not typical. Piano uses a binary protocol to serialize data within the xbc cookie, and in most cases its size remains below 1 KB. However, for customers running multiple Composer experiences or pageview meters, cookie size limitations can become a challenge. DynamoDB Storage helps prevent browser cookie size limitations by offloading Composer data to external storage. Learn how it works in this documentation.

Name: __tbc

Value: contains browserId, userId, isNew flag.

Expiration: 2 years.

Purpose: Identify the end user's browser. Note: set for the client's domain.

The Browser Cookie stores encrypted data used by Piano’s Composer product.

Name: custom name with prefix __pc_

Value: varies on a case-by-case basis.

Expiration: 730 days.

Purpose: The client can create any cookie to monitor user behavior and compose an experience based on such behavior. Read more about the Set Cookie card here. This cookie will only be stored if such a SetCookie card is executed.

Name: __pls

Value: ESP push lists.

Expiration: 730 days (2 years).

Purpose: Contains a set of ESP push lists. Will only be stored if the Piano ESP product is used.

Name: __tac

Value: encrypted data.

Expiration: 90 days.

Purpose: The access token list cookie contains an encrypted payload with the current entitlements. The __tac cookie is updated every time when a user's access status changes. For example, in the case:

  • a user logs in

  • a user converts on a term

  • one or more of the user's accesses expired

  • a user has been granted access via the Piano dashboard - in this case, the cookie update will be done on the next pageview only

  • a manual cookie removal takes place

Name: __tae

Value: integer, only used by Piano.

Expiration: 2 years.

Purpose: Contains timestamp of expiration for __tac. Therefore the __tae cookie shows the last time the __tac cookie was updated.

Name: _pcus

Value: Segment list a user belongs to.

Expiration: 1 year.

Purpose: The cookie contains the segment list a user belongs to and gets refreshed after each Composer execution. This functionality is needed to get a complete data picture in the Piano analytics.

Name: _pcer

Value: Contains results of Edge execution, e.g. the outcome (Content restricted/loaded), Pageview meter, and Credit meter data.

Expiration: Session.

Purpose: Pass the Edge result to Site experience execution, so the “Experience outcome” card can be correctly executed.

Name: _pcfe

Value: Template interaction count for the Frequency Cap feature.

Expiration: 90 days

Purpose: We use this cookie to count template interactions. The count has been a part of the functionality that helps to set up rules on template interaction using Composer experiences. Each time an end user clicks on the cancel button or views a template, the count increases by 1 event.

We count events separately based on the type of template interaction:

1. Clicks on the “close” button;

2. Visible impressions;

For each type of interaction, the cookie stores up to 30 events. The count has been designed with a rolling window concept in mind. For each new event to be registered, the first event in the count should be removed to avoid exceeding the limit.

The cookie stores interactions that can be registered for the following types of templates:

1. Composer experience templates (Piano VX);

2. Content module template (Piano Content);

For templates above, you can define the frequency at which a particular template is shown to or interacted with by the same end-user in the given time frame. When the count of interactions meets the limit set by the frequency cap in Composer, the template will be constricted.

The frequency cap cookie size is dynamic, determined by the number of frequency cap cards used in Composer experiences. If no cards are set, the cookie is not created. The technical size limit is 4KB, though it typically doesn’t exceed 2.6KB.

Local Storage - ESP Mailing List IDs

Name: __pnml

Value: ESP mailing lists.

Expiration: -.

Purpose: Contains a list of ESP mailing lists. Will only be stored if the Piano ESP product is used.

Local Storage - The Custom Variables

Name: __tp-customVariables

Value: custom variables.

Expiration: 2 days.

Purpose: Stores current custom variables in the execution context.

Local Storage - The Custom Variables Expiration

Name: __tp-customVariables-expiration

Value: custom variables expiration.

Expiration: 2 days.

Purpose: Expiration time for __tp-customVariables. More information about how Custom variables are stored is available here.

Last updated: