Skip to main content

Transfering 3rd party cookies

The session-continuation feature is inteded for transferring first party cookies. It is not able to transfer both first and third party cookies due to the way how browsers isolate cookies on different domains.

This is because browsers decide whether to send/set cookies or not on every request based on a couple of factors. One of the most important factors is if the request is "same-site" or "cross-site".

For browsers, a request is "same site" as long as the destination url and the url of the site that the user is visiting (the url that is in the address bar) share a common eTLD+1 suffix.

When a Surfly session is started using the session continuation feature, all requests generated by the browser will be considered to be originated from the URL where the session was started on. Remember that the Surfly session is iframe on top of the original website.

Relocating the user

It is, however, possible to transfer only third party cookies with a few tricks. This might be usefull in some cases (particularly the case in which session cookies are handled by a third party authentication provider).

For that case you can consider using the following steps.

Let's consider a scenario in which our first party cookies live in mywebsite.com and 3rd party cookies (authentication cookies) live in 3rdparty.net.

In this case the flow would be:

  1. User navigates to mywebsite.com
  2. User clicks on the "Get Help" button
  3. That click navigates the user to a 3rdparty.net page that also includes the Surfly widget (of course, you should be able to include the Surfly widget here)
  4. When 3rdparty.net loads, you can start the session by calling the startSession() method of the Surfly Js API
  5. Once the session has successfuly started, you should then use Surfly's JS API to relocate the cobrowsing window back to mywebsite.com