A cookie is a small piece of data sent from a website and stored in the visitors' web browser. It helps the website to remember information about a visit; so when a visitor browses the same website in the future, the data stored in the cookie is sent back to the website by the browser.
Conversational Cloud uses information stored in browser storage to maintain session data and to identify returning visitors by saving Conversational Cloud-specific data, such as visitor ID and last chat date. It is important to note that the stored data do not contain any private customer data or any data that can be accessible or useful outside of Conversational Cloud.
Cookie Consent
Brands that elect to use our products and services are responsible for obtaining (and maintaining) consumer consent before using Conversational Cloud cookies and other tracking technologies on their websites. While we include suggested best practices below, we also recommend that you seek legal advice about what would be best for your particular websites or applications in light of your offering, the reason you’re using cookies and the laws that apply to you.
Best Practices with Cookies and Conversational Cloud
In order to stay aligned with the latest regulations, LivePerson recommends that brands adopt the following best practices regarding cookies, tracking and Conversational Cloud:
- You should add a cookie consent functionality to your website. It should contain a prominent banner or similar visual element when the page first loads to concisely inform the consumer about the use of cookies and what action the consumer should take to consent.
-
If the consumer consents, you should remember their response so you can deploy the Web Tag on all subsequent visits and pages.
-
If the consumer declines, you should remember their response, so the Web Tag is not deployed on subsequent pages and visits. Additionally you may choose to refresh the current page to apply the consumer’s choice so that the Web Tag would not get deployed on that specific page.
-
You should include information about your use of third party cookies, such as Conversational Cloud cookies, and the purpose for their use, in your privacy policy or cookie notice.
-
You should inform consumers about various options they can use to disable cookies.
Storage Data Types
If no duration is specified for a Storage Type below, this means its duration is the browser session.
SecureStorage
Secure storage is a client-side storage mechanism, that LivePerson has implemented in order to provide the best possible consumer experience. Secure storage uses a combination of modern browser technologies (indexedDB, localStorage, sessionStorage and first party cookies) to store necessary information on LivePerson domains — depending on browser capabilities.
By default, Conversational Cloud uses the third-party storage solution type for website visitors. If you have any questions about this approach, please contact LivePerson Customer Support (use the chat on this page, or message Support). The following tables list the stored data and their types offered by LivePerson.
Monitoring Data
These values are non-sensitive identifiers stored in the consumer’s browser to enable the association of website visitors during and between conversational sessions for monitoring purposes. This monitoring data enables the tracking of a website visitor from where it began, how it progressed over time (campaigns, conversion tracking & conversations) and ultimately when the website visitor leaves or returns.
| Entry Name | Description | Storage Type |
|---|---|---|
| LPVID | Visitor ID as identified in Conversational Cloud. Identifies a browser as long as cookie is not deleted. | 1st party persistent. Fallback to sessionStorage per Tab. Path: parent domain /. |
| LPSID-SiteID | Current active (or last) monitoring session. | 1st party session cookie. Fallback to sessionStorage per Tab. Path: parent domain /. |
| LPSessionID | Current active (or last) monitoring session. | 3rd party HTTPonly session cookie. Path: LivePerson parent domain /. |
| LPVisitorID | Visitor ID as identified in LivePerson. Identifies a browser as long as cookie is not deleted. | 3rd party HTTP only persistent. Path: LivePerson parent domain /. |
| lpLastVisit- | Last visit timestamp | localStorage. Duration: forever |
| lpTabId | Tab identifier — uses to share LivePerson data between different browser tabs | sessionStorage. Duration: session — same tab and domain only |
| lpPmCalleeDfs | For cross domain communication logic | sessionStorage. Duration: session — same tab and domain only |
Conversation Data
| Entry Name | Description | Storage Type |
|---|---|---|
| LPCID-SiteId | Token for retrieving conversation data in the client only. | First party session cookie. No fallbacks. Path: parent domain /. |
| LPCKEY-SiteId | Token for retrieving conversation data in the client only. | First party session cookie. No fallbacks. Path: parent domain /. |
| LivePersonID | LivePerson chat identifier. Note: We do not currently use this data although we do store it. | Third party persistent cookie. Path: LivePerson parent domain / Note: We do not currently use this data although we do store it. |
| Storage_expiration-SiteId | timestamp for last storage usage (used for secure storage logic) | SecureStorage. Duration: 1 day |
| lpStrMap | manages storages keys (used for secure storage logic) | SecureStorage. Duration: 1 day |
| UIConf | Stores conversation settings (features, logic etc.) | SecureStorage. Duration: 1 day |
| lpMessaging- | Stores the JWT token and authentication code in messaging scenarios for messaging window recovery on navigation and cross tabs | SecureStorage. Duration: 1 day |
| -lpuw | session state | SecureStorage. Duration 1 day |
Login Cookies
| Entry Name | Description | Storage Type |
|---|---|---|
| idpLastSiteId | Last site id for Remember me functionality | Third party secure session cookie. Path: LivePerson domain. Stored as long as the session is active. |
| idpLastDomain | Last domain used for login for Remember me functionality | Third party secure session cookie. Path: LivePerson domain |
| session_id | Conversational Cloud agent session identification | Third party, httpOnly secure session cookie. Path: LivePerson domain |
| WSHumanClickServer | Logical name of appserver handling the site | Third party, secure session cookie. Path: /hc/web LivePerson domain |
| WSHumanClickWebSession | Appserver web session identifier | Third party, httpOnly secure session cookie. Path /hc/s-{siteid}/web LivePerson domain |
| WSHumanClickSiteNumber | Site identifier | Third party, secure session cookie. Path: /hc/s-{siteid}/web LivePerson domain |
| agentSessionKey | Agent session identifier in the appserver | Third party, secure session cookie. Path: /api/account/{accountid}/agentSession LivePerson domain |
CoBrowse cookies
| Entry Name | Description | Storage Type |
|---|---|---|
| s.browser | For transports based on HTTP (long-polling and callback-polling), CoBrowse sends a HTTP cookie with the handshake response, marked as HttpOnly, called s.browser. The cookie identifies the browser. See BAYEUX_BROWSER for details. Cookie is removed when the browser is closed. | Third party cookie. HttpOnly and Secure. Domain: CoBrowse Domain prefixed with siteId. Path: /sync. |
Other cookies
| Entry Name | Description | Storage Type |
|---|---|---|
| lpTestCookie{timestamp} |
|
First party session cookie. No fallbacks. Domain: parent domain. Path: parent domain /. |
Considerations
The following issues should be considered when working with Conversational Cloud Cookies.
Secure Cookies
Conversational Cloud supports secure cookies, but requires the Web Tag to be deployed using HTTPS.
HttpOnly Attribute
Conversational Cloud is unable to support the HttpOnly attribute because it does not operate through JavaScript, which enables the Web Tag to collect cookies.
Third Party Storage — Default
By default, Conversational Cloud uses third-party session and visitor storage in order to save visitors’ tracking information. This is due to the fact that while visitors are browsing your site, the Conversational Cloud cookies are set by the Conversational Cloud domain and not by your website domain.
Some browsers are currently limiting the usage of third-party storage — this can affect the LivePerson loading and monitoring process. it is possible also to enable first-party storage support for the secure storage for additional support.
If you have any questions that are not addressed through this cookie policy, please contact LivePerson Technical Support (use the chat on this page, or message Support).