COOKIES
Device Token ("spot_dt") :
Spot generates a random UUID device_token for the browser. The value is a randomly generated unique 128-bit number (generated as uuidv4) such as "4d8f9e7a-3ccb-4b2b-8297-6372fd3bdfe0". All events submitted include the device token.
Session Token ("spot_st") :
Spot generates a random UUID device_token for the browser session. The cookie max age is set to the Spot config.sessionLength setting, which default to one hour. All Events submitted include the session token.
User Token ("spot_ut") :
Spot can read a user_token from the querystring or javascript variable. The recommended usage is the EDP user_token attribute, which is a random UUID not based on the member_id or customer db id In addition, Spot also supports any standard EDP identifier field (e.g. integration_id), in which case the value might not be a UUID.
User Token Attribute ("spot_uta") :
This cookie associates the User Token value with an EDP member attribute. The standard EDP member attribute for storing a device token is "user_token", but any other identifier field can be used, such as: integration_id, integration2_id, email, etc.
Do Not Track ("spot_dnt") :
Spot preserves user's optin or optout choice by setting a Do Not Track cookie "spot_dnt=1". Optin sets "spot_dnt=0", and Optout sets "spot_dnt=1". If Do Not Track is enabled ("spot_dnt=1") Events are blocked and not sent to the server.
Optin OptoutObviously Personal Information
Spot attempts to detect obviously personal information such as email addresses and will avoid saving those into cookies. So if a customer were to send an email address as the user_token in a querystring parameter (which is not recommended but technically possible), Spot would use the value for submitting events but never store it as a cookie.