Graphed LogoGraphed
Login

When Do Google Analytics Cookies Expire?

Cody Schneider

Understanding when your Google Analytics cookies expire used to be straightforward, but things have changed. With the switch to Google Analytics 4 and increasing browser privacy controls, knowing how long a user is tracked has become more complex. This article will break down exactly how long different Google Analytics cookies last, what it means for your data, and what you need to be aware of in GA4.

What Are Google Analytics Cookies Anyway?

Before talking about expiration dates, let's quickly review what Google Analytics (GA) cookies do. When someone visits your website, your GA tracking code places small text files called cookies on their browser. These files are essential for collecting data and don't contain personally identifiable information themselves, but act like a unique nametag for that browser.

Their primary jobs are to:

  • Distinguish between users: GA needs a way to know if pageview number two is from the same person as pageview number one or from a totally new visitor. A "Client ID" cookie handles this.

  • Remember user sessions: A session is a group of user interactions with your website that takes place within a given timeframe. Cookies help GA understand when one session ends and another begins.

  • Track campaign sources: Cookies can store information about how a user arrived at your site (e.g., from a Google Ad, a social media post, or an email newsletter), which is crucial for measuring marketing performance.

An expiration date is simply the "use by" date for that cookie. Once a cookie expires, the browser deletes it. The next time that same person visits your site, Google Analytics won't recognize their old nametag and will issue them a new one, treating them as a new user — even if they've visited dozens of times before.

Cookie Expiration in Universal Analytics (The Old GA)

While Google has fully switched to GA4, understanding how cookies worked in Universal Analytics (UA) provides helpful context, as many of its core principles carried over. If you've been working with GA for a while, these names will probably look familiar.

Here were the main players in Universal Analytics:

  • _ga: This was the main cookie. Its job was to store the Client ID, the unique identifier that distinguishes one user from another. By default, it was set to expire in 2 years. It's a "rolling" expiration, meaning the 2-year clock would reset every time the user visited your site again.

  • _gid: This cookie also stored a Client ID, but its sole purpose was to distinguish users on a daily basis. It had a short expiration of just 24 hours.

  • _gat: This cookie wasn't for tracking users but for managing performance. It was used to "throttle" the request rate — ensuring that not too many tracking requests were sent to Google's servers in a short amount of time. It only lasted for 1 minute.

  • gac: If you linked your Google Ads and Google Analytics accounts, this cookie appeared. It stored campaign information for a user. When that user converted, Google Ads could read the information from this cookie to take credit for the conversion. It had a default lifetime of 90 days.

For years, the "2-year default" for the _ga cookie was the standard answer for how long GA remembered a user. But that's no longer the full story.

How GA4 Cookies Work and Their Expiration

Google Analytics 4 simplified its approach to cookies. Instead of a handful of different specialized cookies, GA4 mainly relies on two for distinguishing website users through its gtag.js library.

  • _ga: This cookie is still the primary workhorse, storing the Client ID. Just like in UA, its default expiration is 2 years, and this timer resets with each new visit.

  • ga: This is the GA4 equivalent used to persist session state. It helps GA4 know that different pageviews during a single browsing session belong together. It also has a default expiration of 2 years, updated with each hit.

Notice that GA4 focuses on the first-party _ga cookie. This is part of a larger, privacy-first move to reduce reliance on different types of tracking technologies and give website owners more control over their data.

Which brings us to the biggest source of confusion in GA4: cookie expiration isn't the only timer you need to worry about.

Cookie Expiration vs. Data Retention in GA4

This is the most critical concept to understand in modern analytics. The cookie lifespan on a user's browser is completely separate from how long Google stores the detailed user data on its servers.

  • Cookie Expiration: The _ga cookie on a visitor's browser has a 2-year lifespan by default. This is client-side, happening on the user's device.

  • Data Retention: This is a server-side setting in your GA4 property that determines how long Google servers store user-level and event-level data associated with cookies and other identifiers.

In GA4, the data retention setting is much shorter. Your options are:

  • 2 months (The default)

  • 14 months (You have to manually change it to this!)

So, what happens after 2 (or 14) months? Google automatically deletes granular user-level data. This includes information about specific users' behavior, which events they triggered, and their device information. You can no longer drill down into one individual's journey from more than 14 months ago.

Crucially, this data retention policy does not affect most of your standard, aggregated reports. Your reports on total Users, Sessions, Pageviews, and Revenue will still have all historical data. The setting only impacts your ability to do more granular analysis in the "Explore" section of GA4 or when building user-based audiences for ad campaigns.

How to Change Your GA4 Data Retention Setting

Unless you have a strong reason not to, you should change this setting to 14 months immediately to maximize the historical data available for deep analysis.

  1. Go to your GA4 property and click Admin in the bottom-left corner.

  2. Under the Property column, click on Data Settings > Data Retention.

  3. Use the dropdown menu under Event data retention to select 14 months.

  4. Be sure the "Reset user data on new activity" toggle is turned ON. This mimics the cookie's rolling expiration, resetting the 14-month clock whenever a user returns.

  5. Click Save.

The Wildcard: Browser Privacy Rules (ITP, etc.)

Even if GA4 sets a cookie for 2 years, there's no guarantee the browser's policies will allow it. Browsers like Safari and Firefox have introduced their own tracking prevention features that can override a cookie's intended lifespan.

The most famous example is Apple's Intelligent Tracking Prevention (ITP) for the Safari browser. To limit cross-site tracking, ITP can cap the lifetime of first-party cookies (like GA's _ga cookie) set via JavaScript to just 7 days. In some instances where a user arrives from a known tracker or ad link, it can be as short as 24 hours.

This has a massive impact on your analytics. A loyal customer using Safari who visits your site every ten days will look like a new user on every visit. Their _ga cookie will have expired between visits, breaking the ability to track them as a "Returning Visitor."

If a large portion of your audience uses Safari (common for US-based, mobile-heavy audiences), your "New Users" count is likely inflated, and your "Returning Users" count is understated. This isn't a flaw in GA4, but rather the new reality of browser privacy in a cookieless world.

What This All Means For Your Reporting

So, how should you adapt to this new environment? Here are the practical takeaways:

  1. Set a Realistic Lookback Window: Acknowledge that long-term user behavior analysis is less reliable. Analyzing trends over 30, 60, or 90 days is now more actionable than trying to track a user’s journey over a full year or more.

  2. Analyze by Browser: If possible, segment your reports by browser. If you notice significantly different "New vs. Returning" user ratios between Safari/Firefox and Chrome, you know that browser privacy settings are likely the cause.

  3. Leverage Other Identifiers: Relying solely on browser cookies is becoming less viable. Techniques like server-side tagging and using the User-ID feature (which tracks logged-in users across devices) can give you a more accurate and persistent view of user behavior.

  4. Focus on Shorter Attribution: Since browser policies can cut down tracking windows, the value of fast, direct conversions might appear higher, while longer, multi-touch journeys become harder to measure accurately. Be aware of this when evaluating campaign channels.

The key is to understand that a user is now more of an abstract concept. It can mean a persistent ID for two years on Chrome, seven days on Safari, or one day for someone who clears their cookies religiously. As long as you know the rules, you can interpret your data more accurately.

Final Thoughts

In short, the default Google Analytics cookie lasts for two years, but this lifespan is often cut short by browser privacy features like Apple's ITP, and it's completely separate from GA4's server-side data retention settings, which cap detailed user-level reporting at 14 months.

Trying to make sense of user journeys becomes even tougher when accounting for different rules across all your sales and marketing platforms. We've found that constantly wrestling with platform-specific reporting rules and exporting CSVs just to get a single clear answer takes away from time you could be using to act on insights. That’s why we connected our favorite tools, like Google Analytics, directly to Graphed so we can use simple language to ask questions about our campaigns and get instant, real-time dashboards that show the complete picture without the manual work.