- Posts: 88
- Thank you received: 33
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Sessions and third party cookies in Iframe
- Bigred01
- Topic Author
- Offline
- Premium Member
Less
More
4 years 1 month ago #194326
by Bigred01
Sessions and third party cookies in Iframe was created by Bigred01
Hello.
I have a embedable survey widget to allow people to dynamically survey people who visit their websites.
I chose to use limesurvey paired with a survey plugin to set iframe permissions for domains. This allows for quick programming and deployment of surveys by our survey team.
This works fine for most browsers since they come out of the box with third party cookies allowed. Safari does not though (and i believe chrome will be defaulting to blocking third party in the near future? (I bet they wont block google analytics though...)).
I implemented a cookie check to let me know if I should bother rendering the survey or not. What I am trying trying to do is find a workaround for setting and persisting the session without using cookies for the cases that have third party disabled.
I am currently testing using local storage and setting the session ID myself for specific cases.
Has anyone done anything like this before that might have any insights on a secure and clean way to go?
Thanks
I have a embedable survey widget to allow people to dynamically survey people who visit their websites.
I chose to use limesurvey paired with a survey plugin to set iframe permissions for domains. This allows for quick programming and deployment of surveys by our survey team.
This works fine for most browsers since they come out of the box with third party cookies allowed. Safari does not though (and i believe chrome will be defaulting to blocking third party in the near future? (I bet they wont block google analytics though...)).
I implemented a cookie check to let me know if I should bother rendering the survey or not. What I am trying trying to do is find a workaround for setting and persisting the session without using cookies for the cases that have third party disabled.
I am currently testing using local storage and setting the session ID myself for specific cases.
Has anyone done anything like this before that might have any insights on a secure and clean way to go?
Thanks
The topic has been locked.
- Bigred01
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 88
- Thank you received: 33
4 years 1 month ago #194404
by Bigred01
Replied by Bigred01 on topic Sessions and third party cookies in Iframe
I think I found my solution. Only for people who have third party cookies disabled and are accessing a survey through the widget, I will default to url session keys. Took a slight modification to the resetAllSessionVariables() where it generates the session ID but my proof of concept is working...
The topic has been locked.
- Bigred01
- Topic Author
- Offline
- Premium Member
Less
More
- Posts: 88
- Thank you received: 33
4 years 1 month ago #194405
by Bigred01
Replied by Bigred01 on topic Sessions and third party cookies in Iframe
I'm an idiot. Realized after the fact that lime creates a form input with the session id on its own. Works fine out of the box if you manage the CSRF token.
The topic has been locked.