We are using JWT to authenticate users from within our software and then redirect them automatically, so that they can get to our Help Center without having to log in. The authentication is working as expected, but we are having an issue with the sessions.
When a user in our software clicks our Help Center link, a request is sent to generate a JWT token. The new token is being received back in our software successfully. The problem is, if the user has already been in the Help Center recently, when we redirect to the Help Center using the newly received token, Zendesk is finding the old/existing session, and redirecting them using that old session instead of creating a new one with the new token.
The real-world scenarios that his causes are as follows:
1) Our users all access our software from the same centrally located browser/computer at their workplace. Our software has a "Change User" option, so when someone new gets on the machine, they simply change over to their user and continue working. If User A clicks the Help Center link, they will be redirected correctly. Then, User A will typically close out of the Help Center when they're done, without logging out. If User B then gets on the computer and signs into our software, then clicks the Help Center link, they are redirected to the help center under the existing session, and get logged in as User A.
2) Another problem we have come across is that User A will access the Help Center, close the tab out when they're done, and then continue working in our software. After some time passes, they might need to go back to the Help Center. When they click the link again, they ARE receiving a new token in the back-end (I stepped through debug mode and saw that a new token generates every time, which is what we want), but, when they are redirected using the token Zendesk (or maybe the browser), is finding the old/expired session from before, and using that instead of explicitly using the new token to generate a new session. Since the session is expired, the redirect to the Help Center fails, and continues to fail unless the user clears all of their browser cookies/cache.
Is there any way kill all existing sessions, or automatically have the session end/cookies cleared anytime a user closes out of the Help Center without logging out? Has anyone else come across this issue and solved it in a different way?
Publicação fechada para comentários.