Ok they're either being very generous then.....or they haven't considered this themselves yet :winkwink: I personally feel 255 days is overdoing it....but kuddos to programs who offer this......right now I'm contemplating a month
even though from my own stance I feel that with a month I'm being very generous :winkwink:

It's funny sponsors say there's no problem with cookie beeing 1 day, affiliates want more. 3 days is way too little. 2 weeks minimum if the program is honest. Cookie is overwritten anyway, so what's the problem with keeping the cookie?
Surfer - site 1 - site1cookie - 2 days later - site 2 - site2 cookie overwrites site 1 - sale - site 2 gets the surfer. It's how it should be.

Truth is many surfers bookmark the site if they like it, and come back a week later (during the weekend maybe), or next month when the paycheck hits, or in few months when that loan on the card is finished, and buys then. But the incentive for this was the day that he boomarked it. Program owner knows this, and thus the incentive for short cookies. You get the sale, you dont credit anyone.

The problem is SE traffic...as program owner you'll end up paying affiliates
for a quite a bit of SE traffic with very long cookie time out settings

so a big CJ owner loads your site (using his ref code) in a tiny iframe... next an honest affiliate sends you the same visitor (using a link on his blog/gallery/...)... your system detects the difference between the new cookie and the info stored on your server and credits the CJ owner who never sent you any real traffic?

Not all sponsors have that.

Why's SE a problem? You do track refferers? If it's coming from google, you overwrite the cookie with yours. Plus, you shouldn't even be credited for SE in a timespan of a week or so, since he obviously looked for more references of your site because he saw it somewhere else (an affiliate). Maybe he was looking for reviews or something, but the spark that sent him to your site is that affiliate.

no referrers won't match....affiliate would be credited

we don't use anything that uses a default program owner cookie....to reset
cookies based on whatever referrers visitors come from. The SE issue I mentioned as an example if cookie time outs were set to a year for example
not for week :-)

You can't use referrer matching to credit webmasters if the cookie is jacked.. I could be sending through a redirect script on another domain (which I do), and not even close to all referrals show up.

And what u-Bob said, is correct.. This works and I have never seen an affiliate system that can stop or detect it if the Webmasters doesn't want them to.

We don't use refferer matching to credit webmasters. We compare cookie
data with the hash data we store serverside....this also includes referrer
info from when the cookie was set.

That said....what u-bob mention did get me thinking....and I'll have to further
investigate to be sure we're not vulnerable for such type of an attack. I can't
say we're not at this point.......so THANKS u-bob for the insight...I hadn't
thought of this myself yet.... :thumbsup

I will get back on this with an answer on how we think to tackle this problem :winkwink:

fiddy timed out cookies :thumbsup

I'm thinking something like this is ideal and fair for affiliates:

1. Cookie set for 7 days and also url based tracking.
2. Ref code from url always has priority over cookie.
3. No ref codes overwritten when the surfer comes from your base url. (thus the affiliate with the cookie set gets credit)
4. Last cookie set overrides previous cookies. (some potential for abuse but it is hard to stop.

I DON'T believe a surfer coming from google should automatically result in an affiliate cookie being overwritten. That really sucks for the affiliate. As long as #2 applies if a surfer gets sent directly by an affiliate and they do an impulse purchase, it won't matter if a CJ site is hijacking cookies.

To help prevent the CJ cookie hijacking you could also track that data. If it is found that 99% of an affiliates signups are coming from cookies as opposed to ref based url impulse buys this should be a red flag that they are up to something and should be investigated further.

Just some ideas. :2 cents:

You can help stop it by putting in cookie delays. Like if surferA gets a cookie, and returns say 2-5 minutes later with a new cookie, you keep surferA's cookie.

Outside of that, I don't know if it's possible to stop.

I have seen a TGP, do this on all gallery links. When they are clicked, a new window opens the gallery. However the TGP opens an ajax window behind a div layer, which loads the sponsor that belongs to that gallery link.

Ajax can then tell when the browser window is active again, reloads the sponsor, and the cookie is set back to the TGP owner. (the tgp can set a cookie to track returns too) The loads/clicks are broken up to the sponsor because it's done on each gallery click, which is several different sponsors.

I have also seen the direct iframe/frame load of this, which shows jacked up referral numbers, making it pretty easy to spot.

The goal is to target the returns/type-ins to the sponsor, that's a lot of possible traffic to the correct type of webmaster.

Great post...thanks, very much appreciated.....I'm keeping notes on
a bunch of stuff that gets mentioned in this thread and will use that
to improve our system before we're going live......thanks again on all your
thoughts...it helps us a LOT! :thumbsup

Not sure if I understand correctly....what we do now is upon a hit we set
a cookie and a server side store encoded hash string of the same data as
is set in the cookie added with some additional info that increases being able
to accurately match info.

If any of the cookie data doesn't match up with server side stored info
that belongs to that cookie, the cookie data is being ignored for tracking
and the server side info is being used instead. Plus we get alerted of
possibly something fishy is going on.

Amongst the additional data that we store is the referrer where the hit came
from when the cookie was first set. So in case the cookie gets jacked. It will
get detected as the referrer data won't match up with the stored info. So
both cookie as server stored data are being set/stored at the same time.
And system will only reject cookie if referrers are identical but other data doesn't match...

In case of different referrer both cookie and server stored data will be reset
with new data. In case of another affiliate sending surfer with previously stored other affiliate cookie

It's what the market will bear, the affiliate resellers that is.

The closer should always get the sale.

dammit I have to run out. Thread is bookmarked, I'll defenitely get back to this
thread as it contains a lot of valuable info.....thanks everybody we got some
great input already :thumbsup