How to setup web widget cookie per subdomain | Community
Skip to main content

How to setup web widget cookie per subdomain

  • October 26, 2021
  • 4 replies
  • 0 views
Andrzej11

I'm using a web widget (https://developer.zendesk.com/api-reference/widget/introduction/) for my product. My customers have multiple subdomains for example a.domain.com, b.domain.com. The problem is when someone starts a chat session in one subdomain and can view messages from this session in another subdomain. I noticed the web widget cookies are enabled for top-level domains. Is there any approach to fix this? 

    4 replies

    C
    Hey Andrzej,
     
    I'd like know a little bit more about your use case.  Do users normally navigate back and forth between a.domain.com and b.domain.com while in the middle of a chat session?  Also, do the external sites identify these users?  Or are they anonymous users?
     
    Best,
     
    S
    • Shayan11
    • April 8, 2022

    Hello @christopher53 did you come to any solution in regards to this issue?

     

    We are experiencing the same problems. Web Widget stores conversation history in Cookies (saved across subdomains) and local storage (not shared across subdomains). Is there any way to retain the conversation history across sub domains?

    In regards to authentication, we are planning to implement it, but there would be the same issue. 
    Users who are authenticated on one domain, might not be authenticated when they switch to the sub-domain... or would they? Unfortunately the documentation in this regard is very scarce. (I have read all the articles about end-user authentication for messaging, to no avail)

     

    C
    Hi Shayan,
     
    If it's the same widget on all pages across your external site's subdomains, then with authentication, the visitor will see the same conversation history across pages.  This is because there will be an authentication attempt on each page load to identify the visitor.
     
    Best,
      S
      • Shayan11
      • April 20, 2022

      Hey Christopher, 

      This already helped a lot, thank you for that information. So I assume the login-function sent to the Web-Widget would have to be called upon every single page load with the previously(or a newly?) generated JWT-Token of the user, ist that correct?

      zE('messenger', 'loginUser', function (callback) {
      callback('new-jwt-for-user');
      });

      Unfortunately the documentation seems to go into a lot of detail in how to create the JWT token, but seems unclear in how the token is supposed to be passed to the Web Widget.

       

      Another question I have is: Is it in anyway possible sharing conversation history for not-authenticated users over main domain - subdomain for the Web Widget? Or are there any plans to set the data to be stored into cookies instead of local storage? 
      Right now the only way I can think of would be to share local storage of the main domain with the sub domain, via an Iframe workaround, and this could cause potential security bottlenecks. 

       

      .

      Terms & ConditionsCookie settingsAccessibility statement