PureConnect

 View Only
Discussion Thread View
  • 1.  PureConnect for Salesforce cookie error logging in

    Posted 03-04-2020 12:21
    Hi,

    We've been running PureConnect for Salesforce (or CIC for Salesforce) for a couple years on Citrix thin clients.

    Starting yesterday, I have 3 Agents getting this error on Chrome v80.0.3987.122.

    "Error getting a user status.  A session cookie was provided with the request, but it is invalid or matching the the expectations."

    I restarted my web client IIS servers last night, and that didn't help.

    Has anyone else seen this error?

    Thanks in advance!
    Craig.

    #Integrations

    ------------------------------
    Craig Andree
    SECURIAN FINANCIAL NETWORK
    ------------------------------


  • 2.  RE: PureConnect for Salesforce cookie error logging in

    Posted 01-18-2021 09:12
    Hi Craig, was there any resolution for this, we are facing similar issue.

    ------------------------------
    Praveen D'Costa
    Verifone
    ------------------------------



  • 3.  RE: PureConnect for Salesforce cookie error logging in

    Posted 01-19-2021 16:33
    We ran into this issue a few months back, we had to use the workaround as the ES was not created for the release we are currently on:

    https://genesyspartner.force.com/customercare/kA41T000000fxqm?name=PureConnect-for-Salesforce-s-impact-from-SameSite-cookie-restrictions-in-Chrome-80&fromCase=1

    ------------------------------
    Andrew Wooster
    Genesco Inc.
    ------------------------------



  • 4.  RE: PureConnect for Salesforce cookie error logging in

    Posted 01-19-2021 16:41
    Thanks a lot Andrew, I cannot access this link, can you please paste the workaround here please!

    ------------------------------
    Praveen D'Costa
    Verifone
    ------------------------------



  • 5.  RE: PureConnect for Salesforce cookie error logging in

    Posted 01-19-2021 16:50

    Article Details

     
    Article Number 000085986
    Article Type Problem/Solution
    Title PureConnect for Salesforce's (PC4SF) impact from SameSite cookie restrictions in Chrome 80
    Summary This article describes how Genesys is addressing SameSite Cookie restrictions that will be introduced in Chrome 80 which is slated for a Feb 2020 release date.
    Impact  
    Affected Environment
    Product: PureConnect for Salesforce
    Browser: Chrome
    Question/ Problem
    You will notice this issue in a couple of ways:
    • Unable to log into the PureConnect for Salesforce integration.
    • When logging in I see "You must enable third-party cookies".
    • Softphone says "reconnecting" but never connects.
    Root Cause

    Starting with Chrome 76, you may see the following warning when using browser-based Genesys products in browser console tracing:

    "A cookie associated with a cross-site resource at <web_address> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032

    This warning is related to the restriction on handling SameSite cookies that will be introduced in Chrome 80 which is currently slated for a Feb 2020 release date.  Microsoft Edge and Mozilla Firefox are in the process of enforcing these restrictions, but a definitive date has not been announced (as of 29 Jan 2020). Full details of the changes to Chrome are available here:

    SameSite Updates - https://www.chromium.org/updates/same-site 

    Solution

    For Premise Customers, below is how we are permanently addressing this change in our product: 

    Genesys is working to implement the required changes to both the integration and CIC as a long term solution: 

    1. The PureConnect for Salesforce softphone has been automatically updated via SCR CWCIC-1118. This was automatically be pushed to your PC4SF clients and the agents will receive the update the next time they log into the integration. You can verify you have it if your softphone is version 1.6.2814.

    1. ALL IC servers and OSSMs will need to apply the ES/patch from IC-156993 to update the HTTPPluginHost subsystem to handle this communication for customers 2018R4 or later
      Note: This requires you to be on the latest patch of your respective release version to apply the ES 

    Premise Workarounds: 

    1. Use an alternative browser to Chrome
      Note: Eventually other browsers plan to enforce this as well 

    2. Set Chrome Flags to turn this off: 
      1. To do this, navigate to [chrome://flags/] and set both "SameSite by default cookies" and "Cookies without SameSite must be secure" to "Disabled".
      2. Note: This workaround is dependent on Chrome leaving those settings in the next version
    3. Do not upgrade Chrome.
    4. Add the additional outbound rule on your reverse proxy to account for the change. This would be an alternative solution to applying the ES to HTTPPluginhost.
      • Preconditions:
        • User-added image
        • To help with clarify, below is the text form of this rule"
        • <rule name="Add SameSite Cookie" preCondition="No Samesite">
                              <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" />
                              <action type="Rewrite" value="{R:0}; SameSite=None" />
                          </rule>
                          <preConditions>
                              <remove name="No Samesite" />
                              <preCondition name="No Samesite">
                                  <add input="{RESPONSE_SET_COOKIE}" pattern="." />
                                  <add input="{RESPONSE_SET_COOKIE}" pattern="(.*); secure" />
                                  <add input="{RESPONSE_SET_COOKIE}" pattern="; SameSite=None" negate="true" />
                              </preCondition>
                          </preConditions>
      • Outbound rule page:
        • User-added image



     

    For Cloud Customers, below is how we are permanently addressing this change in our product: 

    Genesys is working to implement the required changes to both the integration and CIC as a long term solution: 

    1. The PureConnect for Salesforce (PC4SF) softphone has been automatically updated via SCR CWCIC-1118. This was automatically be pushed to your PC4SF clients and the agents will receive the update the next time they log into the integration. You can verify you have it if your softphone is version 1.6.2814.

    1. All IC servers and OSSMs will need to apply the ES/patch from IC-156993 to update the HTTPPluginHost subsystem to handle this communication for customers 2018R4 or later. This will be done over time to your environments, please reach out to your TAM or Customer Care if you have questions.
      Note: This requires you to be on the latest patch of your respective release version to apply the ES 

    Cloud Workarounds are in place making it so all PureConnect Cloud customers should not be impacted by Chrome 80: 

    1. We have implemented changes to our web farm to handle the SameSite cookies issue. This is in effect, globally for PCI and non-PCI customers as of February 3rd.. This would be an alternative solution to applying the ES to HTTPPluginhost.
    Bottomline: PureConnect Cloud customers should automatically have the PC4SF update and the web farm changes were put in place instead of having to upgrade and applying the ES at this time. If you have questions or concerns. Please reach out to PureConnect Customer Care.

    NOTE: As additional solutions and workarounds become available, this KB will be updated accordingly. If you have any questions, please reach out to PureConnect Customer Care.

    Troubleshooting Steps

    Users who have upgraded to Chrome 80 will be unable to log into the PureConnect for Salesforce integration.  The following error will be presented upon attempting to load the PureConnect for Salesforce softphone.

    "Error getting user status. A session cookie was provided with the request, but it is invalid or matching the expectations."  It looks something like the following:



    ------------------------------
    Andrew Wooster
    Genesco Inc.
    ------------------------------



  • 6.  RE: PureConnect for Salesforce cookie error logging in

    Posted 01-19-2021 16:51
    Just an FYI, we used a group policy to set the Chrome flags.

    ------------------------------
    Andrew Wooster
    Genesco Inc.
    ------------------------------



  • 7.  RE: PureConnect for Salesforce cookie error logging in

    Posted 12-15-2021 02:52
    I have an application running in an iFrame. I am unable to use the ICWS APIs due to Chrome version 80 restriction on 3rd party cookies.

    The application is working fine when opening the application in Chrome browser directly. However, the same application is not working inside an iFrame within a 3rd party application.

    PureConnect version - 2021 R1 patch

    Please suggest for any configuration changes on iFrame or CIC.

    ------------------------------
    Aditya Jaitly
    NovelVox
    ------------------------------



  • 8.  RE: PureConnect for Salesforce cookie error logging in

    Posted 12-22-2021 08:49
    Does anyone have a workaround for this?

    ------------------------------
    Aditya Jaitly
    NovelVox
    ------------------------------