This document describes the related concepts of visitor and session in the context of the Frosmo Platform and how the platform technically handles them.


A visitor is a user of a website. You can generally think of the visitor as a unique person browsing and interacting with the site on a single computer, smartphone, or other device.

Visitors using a website

Figure: Visitors using a website (click to enlarge)

The Frosmo Platform does not actually see the person, however, but the web browser they're using to access the site. Specifically, the platform registers the events and HTTP requests that the person's interactions with the site trigger in the browser, and the platform infers a visitor from these (with the assumption that there is a single person operating the browser). In a technical sense, therefore, a visitor is really a browser, and visitor behavior comprises the events and requests that the visitor's actions trigger in the browser and that result in the browser communicating with a web server. This means that, for example, if the same person enters the same site on two different browsers, the platform registers and tracks the person as two distinct visitors.

Browsers communicating with a web server, with the same person using two of the browsers

Figure: Browsers communicating with a web server, with the same person using two of the browsers (click to enlarge)

The platform automatically assigns a unique identifier, a Frosmo ID, to each new visitor (browser) that enters a site. The ID allows the platform to identify individual visitors for the purpose of tracking their interactions on the site and retrieving data specific to them from the Frosmo back end.

The platform generates the ID from the user agent (UA) string of the visitor's browser and the timestamp of their entry to the site. The ID does not contain any personal data that can be used to identify the visitor's person. The platform stores the ID in the visitor's browser, either in local storage or in a first-party cookie. If the browser cache for the site is cleared, either manually by the visitor or automatically by the browser, the ID is deleted from the browser. The visitor's next interaction on the site with the same browser registers them as a new visitor with a new ID.

By default, the Frosmo Platform collects and processes only anonymous and pseudonymous data about visitors; the platform does not collect data that by itself enables the identification of an individual person. The platform can also track personal data, however, such as user account data, but this is always separately agreed and planned with the site owner (customer).

For more information about visitor data tracking and security, see:

For information about viewing visitor data in the Frosmo Control Panel, see Visitor statistics.


A session (or browser session or web session) is a single continuous period of time during which a visitor uses a single website. In technical terms, the session is a series of contiguous HTTP requests triggered by the visitor in their browser as they interact with the site within a given time frame. If the visitor stops using the site – that is, the browser stops sending requests – for a sufficiently long period of time, the session expires. When the visitor next returns to the site, they start a new session.

In the Frosmo Platform, a session expires after 30 minutes of inactivity. In other words, if a visitor stops using a site for at least 30 minutes, and then continues using the site again in the same browser, the platform registers a new session for the visitor.

Visitor with three sessions on the same site

Figure: Visitor with three sessions on the same site (click to enlarge)

The platform can track the same visitor across multiple sessions provided the visitor does not clear their browser cache for the site in between sessions. If the visitor clears the cache, their next interaction on the site gets registered not only as a new session but also as belonging to a new visitor.

The platform uses sessions for various purposes, including: