Field Notice: FN - 70510 - Chrome Version 80 Update for SameSite Cookie Causes ECE Gadget and Dock Chat to Malfunction - Software Upgrade Recommended

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	04-Feb-20	Initial Release
1.1	10-Feb-20	Updated the Products Affected, Problem Symptom, and Workaround/Solution Sections

Products Affected

Affected OS Type	Affected Software Product	Affected Release	Affected Release Number	Comments
NON-IOS	Enterprise Chat and Email	11	11.5(1), 11.6(1)	Release 11.5(1) and 11.6(1) customers are advised to upgrade to Release 11.6(1) ES8 in order to apply the ET
NON-IOS	Enterprise Chat and Email	12	12.0(1)	Update to ECE 12.0 ES3 in order to apply the ET
NON-IOS	Enterprise Chat and Email	12	12.5(1)	Apply ET1

Defect Information

Defect ID	Headline
CSCvs83450	Explicitly assert the "SameSite" cookie attribute in ECE application

Problem Description

The Enterprise Chat and Email (ECE) gadget and dock chat malfunction after you apply the Chrome Version 80 update for SameSite cookie.

Background

Currently the Chrome SameSite cookie default is "None", which allows third-party cookies to track users across sites. However, from February 2020, cookies will default into "SameSite=Lax", which means cookies are only set when the domain in the URL of the browser matches the domain of the cookie - a first-party cookie. Any cookie with the "SameSite=None" label must also have a secure flag, therefore it will only be created and sent through requests made over HTTPs.

Problem Symptom

The agent will not be able to log in to the ECE gadget inside Finesse on ECE Releases 11.5(1), 11.6(1), 12.0(1), and 12.5(1).

Behavior on the Agent Side

When an agent tries to log in to the ECE gadget inside Finesse, the agent will be logged out immediately. When the agent tries to log in again, this message is displayed:

You have at least one session that is already in progress. Would you like to end the existing sessions and begin new session?

When you click Continue, the agent will still not be able to log in to the application as shown in these screenshots:

Network traces from the agent console in Chrome for this issue are shown here.

Behavior on the Customer Side

The dock chat customer is not able to refresh, navigate, or pop out a dock template for cross domain if SameSite is enabled. Sample screenshots are shown here:

Customer dock chat website with docked chat icon.

Customer initiates the chat.

On refresh, the docked chat window disappeared.

If the customer undocks a dock chat, the chat window does not load.

The agent will not be able to log in to the ECE gadget inside Finesse on ECE Releases 11.5(1), 11.6(1), 12.0(1), and 12.5(1).

Workaround/Solution

Do not update Chrome. Apply the given Engineering Test (ET) on the latest Engineering Special (ES) of the respective ECE releases.

• Release 11.6 - Release 11.5(1) and 11.6(1) customers are advised to upgrade to Release 11.6(1) ES8 in order to apply the ET2
• Release 12.0 - Update to ECE 12.0(1) ES3 in order to apply the ET1
• Release 12.5 - Apply the ET1

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

• Open a service request on Cisco.com
• By email
• By telephone

Receive Email Notification For New Field Notices

My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.