JsConnect Has Stopped Working In Some Browsers (And What We Are Doing About It)
Many of you have heard reports from customers about problems with some users signing into jsConnect. I'm going to do my best to give an explanation in one place here so everyone has a place to reference.
Recently, mobile safari released an update that disables third party cookies by default. As it turns out, jsConnect's technology acts like a third party cookie and therefore it doesn't work when they are disabled. It is also anticipated that Chrome and Firefox will also release updates that disable third party cookies.
In order to address this we are fundamentally changing the protocol of jsConnect.
We are developing drop in replacement for the jsConnect library that should address the issue for most customers. Our support will be available to help people get up to date. We are putting it in the next release which branches 3 April 2020 (morning). We will probably also backport the update to the current public clusters.
Anyone getting questions from customer should ask which client library they are using to help prioritize our client library updates.
What Vanilla Needs To Do
Here are the steps we are taking.
- Update our PHP library and jsConnect addon to use the new protocol.
- Release the update and backport to the current public clusters.
- Reach out to customers using jsConnect to inform them of the update. We will write a Kb article on the success community to help with communication.
- We will need to update the language other language libraries too.
- We need to update or Wordpress plugin to handle the new protocol.
- We will publish an implementation guide for customers that rolled their own library.
What CSMs And Support Need To Do
- If you get reports of jsConnect not working, update your customer with information from this discussion.
- Find out what client library the customer is using so that we can prioritize language implementations. If the customer rolled their own library we should know that too.
What Customer Need To Do
- Once we release the new client library the customer will need to update their sites. The PHP library is a drop-in replacement. The other languages may need a line of code changed.
- If you have a non-standard implementation of jsConnect then you may need to make more changes. Reach out to support for help.
- If you were using jsConnect's embed mode then you can continue to do so. It should be unaffected by this issue.
Current Status
Currently, I have developed the protocol and have the test link in the dashboard working with our stub SSO reference implementation. We are on track to get the release out.
Please note that this work is based on R&D done by Alex Chouinard a while back so we are reasonably confident in the methodology. That being said, due to the short timeline this issue, the situation will be fluid for some time.
Comments
-
@Todd Thanks for the update. Will this fix also apply to WordPress or does the WordPress plugin also need an update? We have many customers using this, so I wanted to highlight in case the plugin itself needs a fix - as it uses JSconnect.
3 -
We will need to address Wordpress separately. I'll add a note for that.
1 -
Can we get an updated CSV of the clients currently using jsconnect (with an active connection), preferably with plan levels and authorized contacts? It seems the most recent one is this: https://docs.google.com/spreadsheets/d/1UgG77lG-l_0UpXMKXG2pPtUCcD2IIrGQooD5Lmi5Yms/edit#gid=1854592272
While some clients have contacted us, not all are proactive. Success is working on an RCA and we'll need to begin proactively sending out communication.
0 -
I've put the RCA together here: https://docs.google.com/document/d/15WkyIIQQLGP048GHpW5Nk39uEYtCp9t2pMzyiCJH9zE/edit
0 -
Any word on the progress for this?
0 -
The new jsConnect code is in the release that is set to go out to public clusters on 13 April 2020. What is left:
- I need to write some docs on the change. Expecting to have this done today.
- Our Wordpress plugin needs updating. This is working its way through the devs this week.
- The other client libraries need to be updated. We are prioritizing Java and .Net first. Those will probably be done this week and next week.
- We will be writing an implementation guide for customers writing their own client library too. That will be done today.
0 -
The other client libraries need to be updated. We are prioritizing Java and .Net first. Those will probably be done this week and next week.
Am I to assume the PHP client library is the first one fixed? (since it says "other")
0 -
Yeah the PHP library has already been updated. Its README has been updated too.
1 -
The other languages we have are Python and Ruby. We don't have specific expertise in those languages so they are de-prioritized. Ultimately though, we will prioritize based on customer need, but we will need to get that information though.
1 -
I've added a doc to the KB about upgrading.
2 -
Is this live now and can be acted on immediately by customers, or will it only be active as of Monday with the 007 prod deploy?
0 -
My understanding is this stuff is only live on the 2020.007 release, which is currently on staging. In any case, since clients will need to update their JSConnect libraries, they should absolute test on their staging first!.
They should be able to do that starting today.
0 -
Unless they're new and in Trial. Monday is fine though.
0
