Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Dropping cookies in Facebook App

U

Uplift

macrumors 6502
Original poster
Feb 1, 2011
465
187
UK
This question isn't directly related to app development, but I am hoping some app developers can help.

I work for a marketing company, we get most of our traffic from Facebook via various pages. 90% of our audience is mobile and most of that is iOS... Android is second.

We generally handle thousands of users each day. We share links which our user click to visit a specific website or whatever...

When a user clicks a link we're able to track that click and store it in a database, we then drop a cookie to track them on the end website.

Link clicks and cookie drop stats are generally very similar. 1 click = 1 cookie drop

Over the last few months we have noticed a massive decline in cookie tracking, but the link clicks are going up yet cookie stats are going down each day and at the moment we're at a 60% loss of users with no sign of slowing down...

This tells us that when a visitor is clicking on a link on Facebook, and being redirected to the end site, the cookie or something else is being lost in translation and failing to track the user.

We can't find any technical issue with our system so we are now looking at Facebook.. As most of you know Facebook uses it's own in app browser, we're starting to wonder if iOS or Facebook has recently changed anything that could impact what we're doing?

Is there any way we can debug it? or be able to see whats actually happening?

I appreciate this is a really hard question to answer, we're basically clutching at straws now and hoping any app developers will know something we don't that might have changed in FB or iOS.

We're not doing anything underhanded, it's a simple header redirect with PHP which simply tracks the click and then sends them off to a specific website, in that process a cookie is dropped which allows us to track them after they leave our domain.. the problem is the tracking via the cookie isn't being registered, as if the cookie isn't being set or something.

Any input at all is great appreciated :)
 
Uplift said:
This tells us that when a visitor is clicking on a link on Facebook, and being redirected to the end site, the cookie or something else is being lost in translation and failing to track the user.
Click to expand...

Based on what you describe, it sounds like you are giving the link to Facebook for "blah.com/something" as "marketer.com?referral=refc0de" then when the link is clicked, the traffic is sent to marketer.com which does its thing (counting, tagging) and then passes you blah.com in a similar method that Google uses to buffer traffic through their own analytics/oversight end.

This is purely a guess, but if the user leaves your domain via a seamless redirect and has "Allow from current website only" or "Allow from websites I visit", then you may not have privileges to set/read cookies on the end site. I'm not too keen on exact operation or conditions they follow, but the Facebook -> Marketer -> Website jump may be breaking the chain since your site isn't being counted as a "website I visit" (the default option) if the user hasn't actually visited it.

I remember vaguely reading about something about redirects breaking CSFR protection in some script around Safari 8, when the behavior had significant change.
 
Mascots said:
Based on what you describe, it sounds like you are giving the link to Facebook for "blah.com/something" as "marketer.com?referral=refc0de" then when the link is clicked, the traffic is sent to marketer.com which does its thing (counting, tagging) and then passes you blah.com in a similar method that Google uses to buffer traffic through their own analytics/oversight end.

This is purely a guess, but if the user leaves your domain via a seamless redirect and has "Allow from current website only" or "Allow from websites I visit", then you may not have privileges to set/read cookies on the end site. I'm not too keen on exact operation or conditions they follow, but the Facebook -> Marketer -> Website jump may be breaking the chain since your site isn't being counted as a "website I visit" (the default option) if the user hasn't actually visited it.

I remember vaguely reading about something about redirects breaking CSFR protection in some script around Safari 8, when the behavior had significant change.
Click to expand...

Thanks for the reply. yeah you're not far off.. however it is a tried and tested method that has worked for over 2 years.

We post our short URL to Facebook -> visitor clicks -> they are redirected to our PHP script which logs their click into the database -> we then redirect them to intended website -> a cookie is then dropped which is able to track that users specific interaction (i.e. we're able to tell whether this user has performed the intended action after landing on the site). it's a legitimate tried and tested method, cookies are generally dropped fine when we test it on desktop... there is no such way to test on iOS/Facebook app.

We have narrowed it down to iOS which has had the biggest drop in tracking stats from a cookie.. other devices seem fine.
 
Ah.

It's been awhile since I've opened Facebook, but it looks like they're injecting information into the session so that most likely means they're working off a WKWebView subclass, which is a pretty rigid sandbox for doing work outside of the scope intended.

I can really only point in that direction with some concern; it may have been a shift from UIWebView on Facebook's end that's causing different behavior. I'm not sure, though, because I don't use it enough to notice or follow their public development.
 
dantastic said:
They could be doing something evil like keeping track of which cookies are being added by pages and deleting them in one bit evil scheme to control the tracking. Does that sound cynical, perhaps. Wouldn't put it past them tough.

Any app can access and manipulate any cookie - systemwide.
https://developer.apple.com/library...Foundation/Classes/NSHTTPCookieStorage_Class/
Click to expand...

Thanks for your input, will certainly look into it, not really sure how we will ever find out if Facebook is doing something though :(
 
Uplift said:
Thanks for your input, will certainly look into it, not really sure how we will ever find out if Facebook is doing something though :(
Click to expand...

I'd probably just build a small app that contains UIWebView, WKWebView, and even a SafariViewController with links to emulate the issue, and start box testing. If the issue doesn't present itself in any of those instances, it is probably Facebook's doing (and most likely unintentional) and may be worth bringing to their attention through their developer side.

At the very least, you can know Facebook is moving web content through one of those three avenues.

You also may be able to find some more resources in their development portal, though I'm not sure where or what you'd be looking since this isn't an issue with Platform necessarily.
 
Mascots said:
I'd probably just build a small app that contains UIWebView, WKWebView, and even a SafariViewController with links to emulate the issue, and start box testing. If the issue doesn't present itself in any of those instances, it is probably Facebook's doing (and most likely unintentional) and may be worth bringing to their attention through their developer side.

At the very least, you can know Facebook is moving web content through one of those three avenues.

You also may be able to find some more resources in their development portal, though I'm not sure where or what you'd be looking since this isn't an issue with Platform necessarily.
Click to expand...

Thanks for your help, I have joined the Facebook developer group, not really expecting much back but we'll see...

We have definitely narrowed it down to Facebook's in app-browser doing something with the cookies.. although we're unable to reproduce the issue when doing internal testing.
 
Can I ask did a solution ever get found on this?

I have the same problem. We run an affiliate marketing companies Facebook and website. They put affiliate tracking links into a Facebook post, when somebody clicks it, it redirects to a page that leaves a cookie on their browser. For 30 days any sales from that user gives our client a commission because the cookie tracks them.

BUT!!!

I think the Facebook app browser doesn't store any history/cookies. So once you close the fb web browser and go back to the post, the cookies are deleted along with the history and tracking.

Is there any way of this being kept alive, or transferring the cookie over to safari?
 
Unfortunately not, it looks like FB destroys the cookies after each session.

We don't have the same problem anymore, it eventually fixed itself we found Facebook was testing some functionality that gave us unexplained results... Everything is OK now but we do still have the problem of persistent cookies being cleared.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back