Let the platform do the work

Understanding Cookies in Sugar Market


A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing a website. Sugar Market's cookie server will cookie every visitor using the domain msgapp.com. When a visitor hits your website or submits a form, Sugar Market captures a unique ID that represents the email address from the msgapp domain. This ID is compared to a primary table that contains all the unique IDs and relates them to the email address. If the visitor exists in your contact/lead table, then Sugar Market can show the email address in the web activity since the person was cookied previously.

Cookies under msgapp.com have two IDs:

  • bid - browser ID
  • rid - recipient ID

Web browsers implement a sandbox. This means that they do not allow domains to share cookies (read or update). If we set a cookie via the msgapp.com domain, then a different domain like yahoo.com would not be able to access our cookie for msgapp.com and vice versa. Also note, cookies do not expire.

Cookies are used in various parts of Sugar Market, the type of cookie used depending on the part of the platform the customer is utilizing, as shown in the following table:

Type Name Description
Web Tracking Script bid (browser ID) A unique identifier used to help distinguish between devices.
Web Tracking Script rid (recipient ID) Used to compare against a primary table of emails and relate the visitor to an existing email to ensure consistent tracking.
Login webLogin Stores customer ID, user ID, and session ID.
Login SF_django_token Stores authentication information.
Page Builder Landing Page SFInteractionToken Tracks the page hit and is what begins the tracking.
Page Builder Landing Page cookieCompliance

Identifies whether the cookie has been accepted by the user for pages that have Cookie Consent functionality enabled.

Page Builder Landing Page _ga, _gat, _gid1 Dropped as a result of Google Analytics.
Page Builder Landing Page oktolead-0016vxtl5hd2ww-Country; oktolead-0016vxtl5hd2ww-Url1 Dropped by Oktopost to ensure proper social media tracking. This defaults onto every page built with Page Builder.

1Since the Google Analytics and Oktopost cookies are third-party services that we integrate into our platform, the names of the cookies may change.

To place a cookie, a web browser must hit a website. The website must then place a cookie on the machine. In web services, there are no interactions with the website or the cookie server. Web services use all server-based transactions, so the browser never visits the website and the person never gets a cookie.

An example is if you have a web form on your site and you are capturing data and then need a backend process to push that data into Sugar Market, you should use the cookie server. Your form would normally redirect to a "thank you" page, but with the cookie server, there is an extra jump between the form and the thank you page. You will go through our cookie server with a URL similar to the following:


Dynamically replace the email address with your own email address and have it go through the cookie server and back to the user with your own return URL.

The cookie server is:


where ea = email address and rurl = return url

If you are passing parameters in the rURL, you may have to do a URL encoding before you send. If you are using a CNAME, then www.msgapp.com in the above example will be your own domain.

First and Third Party Cookies

Sugar Market's tracking script uses cookies to track both known and unknown visitors to your website. The owner of a cookie is the domain specified within the cookie. This is important to understand since it creates two potential different types of cookies. First-Party Cookies are those associated with the domain of the website on which the tracking script has been placed. Third-Party Cookies are associated with a domain name different from that of the page where the cookie is encountered.

This means that if you own two websites, abc.com and xyz.com, Sugar Market can only place a first-party cookie on one of those websites. For example, if your Sugar Market account domain is xyz.com, (where inherently your web tracking script is set to the domain xyz.com), then any cookie that is dropped will be tracked successfully on the xyz.com website. In contrast, if any visitors of your abc.com has third-party cookies blocked, their web traffic will not be known (associated with their cookie) within Sugar Market, and therefore will not show up in their Journey. This is because an xyz.com cookie is considered a third-party cookie for abc.com.

Note : As web privacy increases, third-party cookies may be blocked by default in some browsers. We encourage all customers to set up SSL for their domain through Sugar Market to allow for more effective cookie tracking.