JWT Sessions | Community

JWT Sessions

  • February 22, 2018
  • 4 replies
  • 0 views

We are using JWT to authenticate users from within our software and then redirect them automatically, so that they can get to our Help Center without having to log in. The authentication is working as expected, but we are having an issue with the sessions.

When a user in our software clicks our Help Center link, a request is sent to generate a JWT token. The new token is being received back in our software successfully. The problem is, if the user has already been in the Help Center recently, when we redirect to the Help Center using the newly received token, Zendesk is finding the old/existing session, and redirecting them using that old session instead of creating a new one with the new token.

The real-world scenarios that this causes are as follows:

1) Our users all access our software from the same centrally located browser/computer at their workplace. Our software has a "Change User" option, so when someone new gets on the machine, they simply change over to their user and continue working. If User A clicks the Help Center link, they will be redirected correctly. Then, User A will typically close out of the Help Center when they're done, without logging out. If User B then gets on the computer and signs into our software, then clicks the Help Center link, they are redirected to the help center under the existing session, and get logged in as User A.

2) Another problem we have come across is that User A will access the Help Center, close the tab out when they're done, and then continue working in our software. After some time passes, they might need to go back to the Help Center. When they click the link again, they ARE receiving a new token in the back-end (I stepped through debug mode and saw that a new token generates every time, which is what we want), but when they are redirected using the token, Zendesk (or maybe the browser) is finding the old/expired session from before, and using that instead of explicitly using the new token to generate a new session. Since the session is expired, the redirect to the Help Center fails, and continues to fail unless the user clears all of their browser cookies/cache.

Is there any way to kill all existing sessions, or automatically have the session end/cookies cleared anytime a user closes out of the Help Center without logging out? Has anyone else come across this issue and solved it in a different way?

Thanks!

 


4 replies

  • February 22, 2018

You can kill the session by calling https://test.zendesk.com/access/logout.json, and that will kill the session in the browser, so you could call the logout before sending them to the login endpoint. Or you can use https://developer.zendesk.com/rest_api/docs/core/sessions on your JWT to delete sessions.
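
The logout-before-login order suggested in this reply, sketched as an added example that is not part of the thread and not Zendesk's own code. The `/access/jwt` login path and the claim names `iat`, `jti`, `email` and `name` are assumptions not stated in the thread; the secret and users are constructed sample values.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlencode

BASE = "https://test.zendesk.com"     # subdomain as written in the reply
LOGOUT_PATH = "/access/logout.json"   # endpoint named in the reply
LOGIN_PATH = "/access/jwt"            # assumption: JWT SSO login path

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_token(secret: bytes, email: str, name: str, now=None) -> str:
    """HS256 JWT with a fresh iat and a one-time jti for the current user."""
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iat": int(now if now is not None else time.time()),
              "jti": uuid.uuid4().hex, "email": email, "name": name}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def read_claims(secret: bytes, token: str) -> dict:
    """Check the signature in constant time, then return the claims."""
    signing_input, _, sig = token.rpartition(".")
    expected = _b64url(
        hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def help_center_steps(secret: bytes, email: str, name: str) -> list:
    """Ordered URLs for the browser: drop the old session, then log in."""
    token = mint_token(secret, email, name)
    return [BASE + LOGOUT_PATH,
            BASE + LOGIN_PATH + "?" + urlencode({"jwt": token})]

if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    # "Change User" on a shared machine: each user gets logout, then login.
    for user in (("a@example.com", "User A"), ("b@example.com", "User B")):
        for url in help_center_steps(secret, *user):
            print(url)
```

Visiting the logout URL first on every Help Center click means User B's token is never presented alongside User A's leftover session cookie.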


  • Author
  • February 22, 2018

I'll give it a shot - thanks for the quick response!


  • Author
  • February 23, 2018

Thanks Skip. The /logout endpoint ended up working for me. I was trying to avoid having to add any API calls, and this was the answer I needed. I had actually opened a ticket with Zendesk about this same issue and was told they didn't have a way to do what I needed, so I appreciate the tip!


  • February 23, 2018

You're welcome, it's an old trick from classic Zendesk. But as they say, old tricks are the best tricks :)