This article covers a Bloomreach Experience Manager version 11. There's an updated version available that covers our most recent release.

Visitors, Visits and Cookies


For the Relevance Module to work across requests, the site needs to be able to track the visitor. For this purpose a cookie is used, with the name _visitor and an expiration time of 2 years. The cookie contains the visitor ID. Note that this is very similar to the way a regular HTTP session ID is stored.

The only information that is stored in the cookie is the visitor ID, a UUID that does not contain any information in itself apart from an identifier to distinguish the visitor from other visitors.

This cookie is likely to fall under the 'Activities unlikely to fall within the exception' section of the cookie guidance document:

Cookies used to recognise a user when
they return to a website so that the
greeting they receive can be tailored

This implies that visitors do need to acknowledge that a cookie will be installed.

Returning Visitor

A returning visitor is identified solely by the fact that a cookie is available on the first request.


The visitor data is persisted in a shared backend SQL database. Since the Relevance Module uses a dedicated cookie, requests can be served by any site node; there is no need for (sticky) http sessions.

HttpOnly Cookie

Available from 11.2.4 and onward

If, for security reasons, you want the _visitor cookie to be HttpOnly, you can achieve this by configuring:

+ targeting:targeting
  - targeting:cookiesHttpOnly = true

If not configured, by default, the _visitor cookie won't be http only.

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?