Zendesk support for cookie-restricted browsers (Safari, Chrome, Firefox)

Return to top

77 Comments

  • Joseph Crivello

    @... +1

    Enabling cross site tracking is a completely unacceptable "work around" for many reasons. First and most obviously, Zendesk is asking its users to degrade the security of their ENTIRE BROWSING EXPERIENCE across all websites. Second, it requires end users to follow a convoluted process to implement the workaround which requires handholding from an agent. This makes it completely impractical for almost all of the use cases that are being complained about in this thread. It is just so obviously unacceptable that the mere proposal of it as the sole workaround (for years now) rises to the level of being insulting. The message being sent here again and again is that Zendesk doesn't care about the customers of its core product.

    4
  • Chet Farmer

    The workaround is LITERALLY ALLOWING CROSS-SITE TRACKING.

    I will not do that. It's not an acceptable path for me, or for my customers. So no, it's not "working".

    Until & unless you change this expectation, there's no point in you creating a ticket for me.

    4
  • Tiago Soromenho

    I agree that it is really ridiculous that @... seems oblivious to all the previous comments, the documentation of the issue in this thread, and the issues that so many of us continue to have.  But there might be a reason she's unaware of the painful history:

    The top / original article has been updated with instructions (for mac/safari) _that actually work_! (I just tried it out). I am now able to login with Safari, whereas it's been years since I had to use Firefox only to be able to login.

    Seems like there is now a pop-up that asks whether or not to allow Zendesk to use cookies.  The prompt is general, and doesn't share what cookies/scope that we're allowing them to access, but I would assume fairly safely that we're authorizing Zendesk to store and access cookies associated with our host-mapped domains, instead of storing them in the third party sites. If so that IS a huge improvement!

    I think the issue may be that this change was not communicated in the comments. Last comments were from @... about three months ago, and then nothing.  This fix seems newer than that -- even if the top article says it was last modified 5 months ago. I know I've tried to do what the article mentions many times since, and this pop-up feels new; I don't recall seeing it before, nor it working, certainly.  I might be wrong, and for some unrelated mysterious reason, it now works for me... (always a possibility, I suppose.)

     

    3
  • Christian Oyarzun

    This new sign in flow is not our end state solution. It’s been put in place to allow any sign in at all for Safari, Firefox and Edge browsers, given their new restrictions. We intend to fully cease using third party cookies as part of our login experience for host mapped accounts. 

    This will be a complex change and take time. We’re validating proposals at the moment, and  will share progress with this thread. For now, login on host mapped accounts is not broken, but it’s suboptimal. We’re aiming to improve this, and we appreciate all your feedback along the way.

    Max McCal and Caroline Kello Is there any status update on when we will return to an optimal login on host mapped accounts across major browsers with default security settings enabled?

    3
  • Justin Burns

    Still an issue and now it affects Edge as well.

     

    3
  • Jens Löfgren

    Our yearly renewal is also coming up but this issue has made us look into other solutions.

    3
  • Joseph Crivello

     

    I am blown away that Zendesk would now claim to not know what the problem is here after it has been explained and discussed in great detail over the course of years in this thread. @... seemed to explicitly acknowledge the problem in her post three months ago, but now doesn't think that there is a problem? I don't even know where to start with this. Hard to believe...

    3
  • rzd

    Again as has been 2.5 months since this was asked...

    Max McCal Caroline Kello When can we expect to see this resolved properly?

    Asking our customers to turn off or add exceptions for 3rd party cookies is not merely suboptimal, it's something that most will simply not do, and both we and our customers suffer greatly as a result.

    3
  • Matt Davis

    Dear ZenDesk: We have already begun the transition away from your services because of this issue. This is a one way trip that we put off for months. Our entire team has stopped recommending ZenDesk as a viable solution when people ask and have already warned others that were considering ZenDesk away - not only because of the issue but that the issue persists and has persisted this long.

    3
  • Max McCal
    Zendesk Product Manager

    Hi, all - I wanted to summarize what I hear to be the concerns raised in this thread. There are some very good concerns, and we know the current situation is not optimal.

    Sign in on host mapped accounts was completely broken by changes made in certain browsers behavior. We’ve resolved this in late 2020 for Safari (incl. iOS), Firefox and Edge by using the Storage Access API. This has introduced a new experience during the sign in flow where we explicitly ask for permission to drop a Zendesk cookie only for the duration of your browsing. This does not require cross-site tracking to be enabled. This article has been updated to reflect this new experience. 

    This new sign in flow is not our end state solution. It’s been put in place to allow any sign in at all for Safari, Firefox and Edge browsers, given their new restrictions. We intend to fully cease using third party cookies as part of our login experience for host mapped accounts. 

    This will be a complex change and take time. We’re validating proposals at the moment, and  will share progress with this thread. For now, login on host mapped accounts is not broken, but it’s suboptimal. We’re aiming to improve this, and we appreciate all your feedback along the way.

    3
  • Tiago Soromenho

    @..., @... -- I think you guys are missing that this does NOT "allow cross site tracking" in a general manner. The "Allow Cross-site tracking" should remain OFF.

    The issue here is that IF you access the Zendesk through a subdomain like "https://support.your-company.com" the actual service (Zendesk) is not where your domain is hosted. They need to set a cookie (which admittedly is old tech) with your session ID. They can't do that _because_ their servers are not associated with your domain, just one of your sub/domains is mapped to theirs.  

    The issue is that before, the browsers either allowed ALL cross-site tracking or NONE.  What Apple has enabled in Safari now is to allow an exception to be made on a PER CASE basis.  Clicking the "Allow" button on the pop-up does NOT enable ALL cross-site tracking.

    Again, this is ONLY when the Zendesk service is exposed to you or your customers in a domain-mapped url like support.your-company.com.  If you were to access Zendesk using their provided sub-domain with your company ID (usually your-company.zendesk.com) this is not an issue.

    3
  • Peter Steinberger

    @... I - like the others - missed that the article here was updated with the new flow. I tested this locally and it seems to *mostly* work. The process seems a bit wonky (required some browser reloading) but given I also run macOS Monterey, it might just be a beta issue. After some trying it worked. The process and multiple tabs and reloads and alerts is everything but smooth though.

    For the latest complaint I'll circle back why it didn't work for them - it is possible that it's an existing cookie that interferes here (like others mentioned as well), which again shows how fragile the current hack is.

    I can also confirm that this hack works on iOS 15b3. (However, Twitter Auth seems broken there)

    It is good to hear that future improvements are planned - logging into a support system shouldn't be so difficult.

    3
  • Heather Firth

    Is this fixed now? On iPhone 12 it just keeps looping back to the page.

    3
  • Joseph Crivello

    Nicole —

    I have neither the time nor the inclination for insulting or disparaging people over the Internet. My message was intended to convey a valid criticism of Zendesk's practices. I urge you to listen to your customers. It is interesting and ironic that the removal of my posting is yet another example of that not happening.

    Joe

    3
  • Andrew Johnson

    Max McCal Caroline Kello When can we expect to see this resolved properly?

    Asking our customers to turn off or add exceptions for 3rd party cookies is not merely suboptimal, it's something that most will simply not do, and both we and our customers suffer greatly as a result.

    2
  • Michael Bierman

    @Brett Bowser as best I can tell things are working as designed. The design is just poor.

    As @Joseph Crivello said, requiring Enabling cross site tracking is a terrible approach that puts users at risk and undermines state of the art browser security.

    Looking at my Chrome settings again, the problem could be that I have, "Block third-party cookies" set on. I don't recall if this is Chrome's default but I think that is what Chrome calls the Safari setting in @Tiago Soromenho's post.

    So it is likely that if I am willing to lower security for all websites perhaps even Chrome can use this workaround. Since Chrome is my primary browser I will keep the setting where it is. But that forces me to compromise Safari and switch to it if I want to easily sign into a zendesk powered portal. 

    2
  • Krzysztof Żelechowski

    This is what happens when you make a concerted investment instead of solving the problem at hand.

    2
  • Pat Beautz

    @... - Since you are so diligently monitoring this thread, how about sharing an update on when the source problem will be resolved?

    2
  • Tiago Soromenho

    Hi @... -- Do you have any evidence of your claim?  

    My understanding of the Safari documentation is that the exception is specifically to allow Zendesk.com to set a cookie on a customer's browser whose scope is your-domain.com. Meaning that only Zendesk can read your-domain.com cookies (and possibly only THAT cookie that it set itself, but that I'm not sure about.)

    https://support.apple.com/guide/safari/prevent-cross-site-tracking-sfri40732/14.0/mac/11.0

    And specifically the paragraph (emphasis mine):
    "Social media sites often put Share, Like, or Comment buttons on other websites. These buttons can be used to track your web browsing—even if you don’t use them. Safari blocks that tracking. If you still want to use the buttons, you’ll be asked for your permission to allow the site to see your activities on the other websites.

    The prompt that allows that exception specifically states: Do you want to allow zendesk.com to use cookies and website data while browsing "your-domain.com"?

    It doesn't say "Allow zendesk.com to use cookies on other websites" which would instead indicate that then, yes, it could put a cookie on your browser and retrieve it from any other site it partners with.

    Hence I don't understand the mechanism by which you believe that Zendesk can track visitors across the web? Even if a customer (or a CSR) has visited your support.your-domain.com site has received a cookie from Zendesk whose scope is your-domain.com, and either go visit say, google.com or get-away-adventures.com, those sites _cannot_ access any cookie whose scope is your-domain.com, whether it was placed by your site or Zendesk.

    The previous issue that we all had an issue with is that Zendesk needed to place a Zendesk.com scope cookie while the site accessed had a url/domain of support.your-domain.com and it needed the user to open up their cross-site tracking option in order for Zendesk to place and retrieve its own cookie on your site. With this new "exception" capability from Safari, this is no longer needed, and we can continue to keep our "cross-tracking" setting turned off, as it should be.

    Hence, what am I missing that gives you the belief that they can track visitors across the web? Can you explain the mechanism you see at work here? I'm genuinely interested as it's very possible I am overlooking something.

    2
  • Peter Steinberger

    This is STILL broken, we are still getting complains about it.

    What the heck, Zendesk? This can't be so hard that it takes three years to fix?

    2
  • Christian Oyarzun

    Hi Barkha Bhatia

    I agree with Tobias Linder, your post provides no updated information on how and when this will be resolved. Please provide us with an actual update on progress here as was promised on July 16, 2021.

    2
  • Jon Yergatian

    It will be interesting to see how quick this issue is resolved once Google Chrome removes the default support for 3rd-Party Cookies later this year. If Zendesk doesn’t resolve this issue before Google releases that update, we’ll be talking about a SaaS product that requires workaround on the #1 and #2 browsers.

    https://blog.google/products/ads-commerce/a-more-privacy-first-web/

    2
  • Chet Farmer

    Zendesk clearly has no intention of addressing this. It's time to look elsewhere. 

    2
  • Michael Bierman

    @Tiago Soromenho This is what I see on Safari (macOS) 

    If I logged out and back in I skip the extra dance back and forth (at least for now). I don't know how long lived this workaround is in Safari. 

    I do know that it does not work whatsoever in Chrome which means variants like Edge and Brave also don't work. 

    I find it appalling that zendesk has not solved this problem by now. 

    2
  • Michael Bierman

    The “sub par” experience in Chrome on iOS where we had to do the tap dance between sites no longer works at all. Unless I’m willing to allow all third party access to all sites, I can’t login to zendesk portals at all as shown below. 

    After what two years of being broken, I don’t expect that this will be fixed anytime soon. 

     

    2
  • Jon Yergatian

    The sad fact is Chrome, the browser with the largest market share by a substantial margin, won't be impacted until mid to late 2023. I get the impression this is the due date for Zendesk, regardless of what we say here in the comments.

    Barkha Bhatia, you kind of activated a landmine with your "update" as it provided no new information. So everyone was waiting quietly for a real update, only to be fed a giant plate of nothing.

    2
  • ward

    Chet Farmer's comment describes my dilemma:  I had been considering using Zendesk for my consulting practice, but I abandoned that plan because most of my clients are Mac users – I certainly won't subject them to this long-standing problem.

    I actually discovered this discussion when I encountered the login hassle as a user seeking tech support from a vendor using Zendesk.

    2
  • Tobias Linder

    Hi Barkha Bhatia

    Thank you for your offer but I really don't need 1-1 chat. What we need is Zendesk delivering on the promise from July 16, 2021 to fully cease using third party cookies as part of the login experience for host mapped accounts.

    Honestly Barkha Bhatia, you know any product other then Zendesk where a user has to click 5 times before he is allowed to start with the login process??? The Zendesk login process is broken, and it's broken for years, and you guys need now to act swiftly on this. I just checked my activities with zendesk support and actually found the ticket I created on October 15, 2019 about that issue with the title "Users can't login into zendesk with Safari" (ID: 4930495). This is now 2.5 years ago!

    2
  • Chet Farmer

    "Block third-party cookies" is indeed the default now for Chrome and Safari, and that's the crux of the issue. NO USER SHOULD TURN THIS OFF, FOR ANY SITE. Asking a user to do is absurd.

    2
  • Tobias Linder

    Max McCal You wrote on July 16, 2021 that zendesk intending to fully cease using third party cookies as part of the login experience for host mapped accounts. 9 months have passed so can you please give us an update on the status of that plan. 

    2

Article is closed for comments.

Powered by Zendesk