passing entire PBS cookie in user.id field of request

[afsheenb]

Hello,

We're testing current HEAD of prebid-server master branch and Prebid.js repos trying to confirm that cookie syncing is working, and are seeing the following unexpected behavior - in the requests we send to demand partners, it seems we are passing the entire base-64 encoded PBS cookie in the user.id field instead of the specific user id. Here is an example from a logged request:

requestbody:"{"id":"497b1d0b-cad9-4169-b1d7-57eaaae35e5e","imp":[{"id":"div-gpt-ad-xxxxx-0","banner":{"format":[{"w":300,"h":250},{"w":300,"h":600}],"w":300,"h":250},"ext":{"appnexus":{"placement_id":10433394,"use_pmt_rule":false}}}],"site":{"domain":"xxxxx.com","page":"http://xxxxx.com/cookietest.html","publisher":{"id":"1"}},"device":{"ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36","ip":"xx.xx.xx.136"},"user":{"id":"eyJ0ZW1wVUlEcyI6eyJhZG54cyI6eyJ1aWQiOiI0ODM1NDg0NTU5Nzg3OTk3NDUxIiwiZXhwaXJlcyI6IjIwMTgtMDctMDlUMTQ6NTU6NTIuODU4MzgwNDE1WiJ9LCJvcGVueCI6eyJ1aWQiOiJjNWNkZjc5YS0xNDZmLTQyMTItYmM4OS00ZTM1Mjc4Y2E0YjMiLCJleHBpcmVzIjoiMjAxOC0wNy0wOVQxNDo1NjoyNS42NDc4MTkzMDNaIn19LCJiZGF5IjoiMjAxOC0wNi0yNVQxNDo1NTo1Mi44NTgzNzc4MzZaIn0=","buyeruid":"xxxxx"},"test":1,"at":1,"tmax":2000,"source":{"tid":"497b1d0b-cad9-4169-b1d7-57eaaae35e5e"},"ext":{"City":"Wolverhampton","Country":"United Kingdom"}}"

That encoded base-64 string translates to: {"tempUIDs":{"adnxs":{"uid":"4835484559787997451","expires":"2018-07-09T14:55:52.858380415Z"},"openx":{"uid":"c5cdf79a-146f-4212-bc89-4e35278ca4b3","expires":"2018-07-09T14:56:25.647819303Z"}},"bday":"2018-06-25T14:55:52.858377836Z"}

but after contacting their support engineers it seems that appnexus is only expecting to see the unique ID 4835484559787997451 encoded as base-64 in the request, not the entire cookie.

We're observing this on a fresh prebid-server installation, with no modifications save for the external_url being set in pbs.yaml. Is this a known issue or possibly due to a misconfiguration of some sort on our end?

[dbemiller]

so... I think there are a couple of things going on here.

Most importantly, though: I'm pretty sure Appnexus does not expect to see their ID as a base-64 encoded user.id. The Appnexus adapter hits an endpoint which is documented here.

Appnexus expects to see their ID as user.buyeruid... not user.id. And it doesn't mention anything about being base-64 encoded. You xxxxxxed this out in the request... but given the encoded string you listed, I would expect to see"buyeruid": "4835484559787997451" there if everything's working as intended.

According to the OpenRTB spec, user.id is supposed be:

Exchange-specific ID for the user.

Prebid Server sees itself as the Exchange... so the code is set up to populate user.id with the ID of the host company--not the Bidder.

All that in mind... the user.id is populated by the config. See the /openrtb2/auction implementation here: https://github.com/prebid/prebid-server/blob/master/endpoints/openrtb2/auction.go#L835

The PBS config lets you set these, like:

host_cookie:
  domain: ".your-domaincom"
  family: "your-bidder-code (ignored unless you're also a Bidder)"
  cookie_name: "cookie-for-your-userid"

If configured, PBS sets the user.id equal to the value of that cookie in the host company's domain.

---

That said: I'm not really sure why, or how, the user.id is getting set to the entire base64-encoded PBS cookie.

I can try to track it down if it'd help you somehow... but you might not need it, in light of the above. Let me know.

[afsheenb]

Thanks, I appreciate that! Apologies for the confusion. Going from your response, I think I'm playing an accidental game of telephone and don't want to turn this into an XY problem (https://en.wikipedia.org/wiki/XY_problem) on top of that, so instead can I ask:

Assuming I have the latest commit (HEAD of master branch) of prebid-server running;
And further that I have loaded a page with the latest commit of Prebid.js found in HEAD of master branch of that repository;
And further that the external_url - and nothing else - is configured in pbs.yaml;
And, finally, that on page we have configured the endpoint, syncEndpoint and cookieSet keys in the s2sConfig object;

....should we expect cookie syncing to work out of the box with prebid-server, or is there any sort of additional configuration required?

[dbemiller]

Yes... ish. There are two other caveats.

1. A few Bidders use configurable usersync URLs. You can see those here
2. If you care about GDPR, you'll need to get on the global vendor list and add some config like:

gdpr:
  host_vendor_id: 32
  usersync_if_ambiguous: false
  timeouts_ms:
    init_vendorlist_fetches: # some timeout for startup
    active_vendorlist_fetch: # some time for in-line auction fetches

using your global vendor list ID. Also: get your legal team to look over the GDPR tickets and make sure they're ok with it.

If you don't care about GDPR, you'll want to configure: usersync_if_ambiguous to be true instead.

[dbemiller]

I'm not an expert on the JS side, so... I'm not 100% sure on this:

And, finally, that on page we have configured the endpoint, syncEndpoint and cookieSet keys in the s2sConfig object;

but I believe that's accurate. If you experience problems and want to test whether PBS works in isolation, I'd recommend getting Postman or something and running through the cookie sync process manually.

[dbemiller]

Closing for inactivity.