Managing Application Insights Cookies

Pliyo picture Pliyo · Jul 8, 2015 · Viewed 8.4k times · Source

I'm wondering how application insights work with cookies because I'll like to understand user and session tracking, so I've been researching and...

Here is a brief introduction about the theory:

  1. Whenever Application Insights SDK get a request that doesn’t have application insights user tracking cookie (set by Application Insights JS snippet) it will set this cookie and start a new session. (from apmtips )

2.

UserTelemetryInitializer updates the Id and AcquisitionDate properties of User context for all telemetry items with values extracted from the ai_user cookie generated by the Application Insights JavaScript instrumentation code running in the user's browser.

SessionTelemetryInitializer updates the Id property of the Session context for all telemetry items with value extracted from the ai_session cookie generated by the ApplicationInsights JavaScript instrumentation code running in the user's browser. (from azure documentation (Configuring the Application Insights SKD with ApplicationInsights.config))

So there are two cookies: ai_session, and ai_user.

And here comes my questions:

  1. When are they initialized?
  2. What is doing it?
  3. How can I stop using them?
  4. If I wanted to keep them, how could I change their expiration time?

Trying to remove them I made a project using ASP.NET Web Applications using the default template for Web Api, which includes MVC and Web Api.

Doing a research I found this approach to disable them but I don't have any WebSessionTrackingTelemetryModule. So I commented out "UserTelemetryInitializer" and "SessionTelemetryInitializer" and this is what I have:

<TelemetryInitializers>

  <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.SyntheticTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
  <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.ClientIpHeaderTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
  <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.UserAgentTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
  <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.OperationNameTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
  <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.OperationIdTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />

<!--<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.UserTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />-->
<!--<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.SessionTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />-->

 <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.AzureRoleEnvironmentTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
 <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.DomainNameRoleInstanceTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
 <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.BuildInfoConfigComponentVersionTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
 <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.DeviceTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />


</TelemetryInitializers>

And :

<TelemetryModules>

<Add Type="Microsoft.ApplicationInsights.Extensibility.DependencyCollector.DependencyTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.DependencyCollector" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.PerformanceCollectorModule, Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector"/>
<Add Type="Microsoft.ApplicationInsights.Extensibility.Implementation.Tracing.DiagnosticsTelemetryModule, Microsoft.ApplicationInsights" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web"/>
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.ExceptionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
<Add Type="Microsoft.ApplicationInsights.Extensibility.Web.DeveloperModeWithDebuggerAttachedTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />

</TelemetryModules>

But it doesn't make a difference. Either I leave the modules commented or not, the cookies are still being generated.

Trying to remove the cookies, I commented the steps done in Startup and exclude from my project all the .js files, but the cookies keep appearing after every request.

So at this point I don't understand where the "Application Insights Javascript" takes place and I guess that what I'm missing is something in the backend. Am I wrong?

Finally, my commented Startup.cs looks like:

[assembly: OwinStartupAttribute(typeof(Try001.Startup))]
namespace Try001
{
    public partial class Startup
    {
         public void Configuration(IAppBuilder app)
         {   
            //ConfigureAuth(app);
         }
    }
  }

And my Global.asax.cs looks like:

public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        //AreaRegistration.RegisterAllAreas();
        //FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        //BundleConfig.RegisterBundles(BundleTable.Bundles);
    }
}

Where RegisterRoutes is just doing the default routing. So I aimed to do just the very basic stuff to get it working, but I don't have a clue about where to keep digging.

Could someone enlighten me?

Thanks for reading so far.

Answer

Alex Bulankou picture Alex Bulankou · Jul 8, 2015

Cookie initialization logic happens in Application Insights JavaScript SDK. If you look in the source of your page you will notice JS from //az416426.vo.msecnd.net/scripts/a/ai.0.js. You can also read/contribute to the source code of JavaScript SDK on GitHub: https://github.com/Microsoft/ApplicationInsights-JS

Replying to your questions:

When are they initialized and what is doing it?
They are initialized by JavaScript SDK when it attempts to send any telemetry item and checks if the cookie are not present, it creates them. For details see https://github.com/Microsoft/ApplicationInsights-JS/blob/master/JavaScript/JavaScriptSDK/Context/User.ts, there's also similar logic for session cookie.

How can I stop using them?
As of the more recent versions of the JavaScript SDK, you can now control the cookies as well as the local storage for both user information and the session buffer (used to rate limit the requests to AI) through the config object:

...snippet...
}({
    instrumentationKey: "<your key>",
    isCookieUseDisabled: true,
    isStorageUseDisabled: true,
    enableSessionStorageBuffer: true
});

If I wanted to keep them, how could I change their expiration time? There are two settings you can control:

  • session renewal time - how much time elapses before session is reset with no activity (default is 30 minutes)
  • session expiration time - how much time elapses before session is reset even with activity (default is 24 hours).

To change them set following values in this snippet next to where instrumentation key is set:

      ..snippet..
 }({
        instrumentationKey: "<your key>",
        sessionRenewalMs:<your custom value in ms>,
        sessionExpirationMs:<your custom value in ms>

    });