I have a embedable survey widget to allow people to dynamically survey people who visit their websites.
I chose to use limesurvey paired with a survey plugin to set iframe permissions for domains. This allows for quick programming and deployment of surveys by our survey team.
This works fine for most browsers since they come out of the box with third party cookies allowed. Safari does not though (and i believe chrome will be defaulting to blocking third party in the near future? (I bet they wont block google analytics though...)).
I implemented a cookie check to let me know if I should bother rendering the survey or not. What I am trying trying to do is find a workaround for setting and persisting the session without using cookies for the cases that have third party disabled.
I am currently testing using local storage and setting the session ID myself for specific cases.
Has anyone done anything like this before that might have any insights on a secure and clean way to go?
I think I found my solution. Only for people who have third party cookies disabled and are accessing a survey through the widget, I will default to url session keys. Took a slight modification to the resetAllSessionVariables() where it generates the session ID but my proof of concept is working...
I'm an idiot. Realized after the fact that lime creates a form input with the session id on its own. Works fine out of the box if you manage the CSRF token.
