I recently had quite a problem with a site that used a different website name for the checkout process compared to the regular non-secure site. For example non-secure site is www.site.com, secure site is secure.site.com. This is addressed in the Google Analytics FAQ in a number of places, mostly to do with 3rd party shopping carts which doesn’t really apply here. In addition this issue is mentioned by a number of other people but their solutions were missing something as well.

After much digging around and wrong turns from the Google Analytics FAQ I came up with the following code that seems to handle this situation perfectly.

<!-- Start of Google Tracking -->
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-123456-0");
pageTracker._setDomainName(".site.com");
pageTracker._setAllowHash(false);
pageTracker._setAllowLinker(true);
pageTracker._initData();
pageTracker._trackPageview();
</script>
<!-- End of Google Tracking -->

The important part I highlighted in red. Notice the peiod ‘.’ mark before the domain name. This signifies to Analytics that the cookie it sets should be available to any subdomain from this main domain thus allowing www.site.com and secure.site.com to reference the exact same cookie. If you don’t set the text in red then the www. and secure. will set two separate cookied and your tracking will not link your sale to your referring source correctly.