Form in an iFrame and multiple users + sessions

  • 22 September 2023
  • 1 reply

Hello!  I’m attempting to figure out a solution for a site with a 3rd party hosted form (paperform) which gets iframed into our site as a modal. Once they finish and submit the form they are redirected back to our site. I’m hoping that a user’s autogenerated heap id will carry from our site to the 3rd party iFrame. 


What I am seeing instead is that I have two users in two different sessions. The good news is that the events are being picked up on both our site and the iframed form. So close! 


I’ve enabled the SecureCookie and passed it as a optional parameter in the `heap.load(‘ID’, { secureCookie: true })`in our site.  I’ve done the same in the form host. The 3rd party form host allows you to add scripts but it looks like they are placed outside of the <head> so I’m not sure if that’s the issue or I am misunderstanding what the results will be with the iFrame and secureCookie settings.

Thank you for your help and time!


Best answer by ALabs I Bhupender 28 September 2023, 09:06

View original

1 reply

Userlevel 3
Badge +1


The "Secured Cookies" option present in the Heap UI (Account > Manage > Privacy & Security) should take care of the user identification issue on third-party sites (iFrame). This is because with this option enabled, cookies will be set in a secure context, defaulting to SameSite=None.

However, in your case, the issue persists even after enabling the "Secured Cookies" option. This indicates the need for further investigation. It would be greatly appreciated if you could provide me with additional information that would assist me in delving deeper into the issue.

  1. If you could kindly provide the URL of the page containing the iFrame, it would enable me to replicate the issue and conduct real-time investigations.
  2. Could you please specify if this issue is specific to a particular device type, such as occurring only on mobile or desktop? Additionally, if it's model-specific, such as occurring on Windows/Android or on Apple Mac/iOS?
  3. I also request you to provide the Heap code snippet for both "your platform" and the "iFrame."

I look forward to receiving your response.