Hi,

For those of you that have a member database. Lets say that the member logs in. I store the member number in my Session["membernumber"] = "1122334455". Then the click on chat. Is there a way to pipe that information through so that number displays on the operator console. Then the operator would just look at that number and tell the user your order is on the way, you accout balance is 4400.00 without reauthenticating them like.. can I have your user number, can I verfiy your address/phone number, etc.

Now I looked at the post for prefill pre-survey fileds. If I fill the Name filed with "Act Num: 1122334455" and auto sumit the pre-survey form, that field shows up nicely on the left side of the operator console but the process is not secure. Anyone can go to

http://myserver/SightMaxAgentInterface/PreChatSurvey.aspx accountID=1&siteID=1&queueID=2&SmartMax2=ActNum:88888888.

Now my operator would think that user 88888888 already logged in (which is not the case) and give the user all the info about 88888888 account.

Anyone has any workarounds for this? Some secure way of transfering this data would be very crucial feature for some users!

Thanks

Hi Matrixlll,
The solution is possible, but the solutions will differ based on the technology you are using for your site (Asp.Net, static HTML, etc).  If you could provide that information, I might be able to throw out a few suggestions.  By the way, this would be a great question for our new developers forum

http://www.sightmax.com/cs/forums/36.aspx

Hi Mike,

I am using asp.NET and have full control of the server. Please let me know if you have any suggestions.

Thanks

I know you said you dont like using the auto populate of the prechat survey, but let me throw this idea out there since you have full control of the server: If you use Asp.Net Ajax you could put the chat button in an update panel. Have the button be a default run of the mill chat button with no auto populate querystrings. Once you validate the person on the page, you could then update the chat tag to reflect your autopopulate values. This way when the page is rendered, if a standard, non-malicious user tries to view the source they dont see the auto populate values. I say non-malicious user because really anybody with a js debugger could find the new value if they wanted. They other hang up is that this method relies on you authenticating the user first.

The other way you might be able to pull it off is by changing a cookie we set. Starting in SightMax 5.0 we set a SmartMaxPrevChat cookie, which is a cookie we use to display the visitors previous chat name. You could change this to be your visitors account number. The hang up on this is that that we use this cookie to change the visitors Host Name in the operator GUI. So when you visitor comes back, all the operators would see an account number for the visitor's Host Name.

Another idea is to completely fake the chat button all together. When the visitor clicks the fake chat button, in your codebehind you could spawn the prechat survey yourself.

Thanks for your suggestions. They are greatly appreciated!

#1. The site is a bit secure to do javascript hacks. I guess this won't be an option.
#2. I am really liking this idea. I will give this a try and see what happens. It's more of a "Customer Support" site than a "Marketting Site", so Host Name is not that important. And a malicious hacker would not be able to fake the cookie value (as far as I know).
#3. Could you give a little more explaination about this? How would I go about spawning the prechat survey in codebehind?

Again, I really appreciate all the help.

On #3 what you could do is just put an asp.net ImageButton, and inside its Click event you could do a ClientScript.RegisterClientScriptBlock and inject a javascript that spawns the window.  On second thought this might not work...Im thinking the browser might block the popup.

Mike,

The cookie idea didnt seem to work either. Seems like once the visitor enters the site the SmartMaxPrevChat is set and the host name displays on the operator console. Even then if you delete the cookie and reset it to something else the operator console remembers the old one and does not change it. If you close the browser wait for 15 min and then reenter the chat the new cookie value displays but that does not help me in this case.

I love sightmax and its very unfortunate that I have to go with a different product just because of this feature.

Your help was really appreciated.

Thanks

Yes, we only check once, at the start of a new session, to see if the visitor has previously chatted.  However, it shouldnt take 15min for a visitor to drop after you close a browser.  At most it should take 90 seconds.