Updated Connectors v3.7 allow secure cookies & flexible implementation

A version update to Queue-it’s 25+ Connectors gives customers exciting new and improved features, regardless of how you’re integrated. The version 3.7 update strengthens security and adds to Queue-it’s comprehensive possibilities for when to trigger the waiting room.

Cookie security

Queue-it’s virtual waiting room uses cookies to assign visitors a place in line and to verify when they’ve been through the waiting room.  

Some customers have IT security policies that require their servers only communicate using encrypted HTTPS protocols, including setting all cookies with a secure flag. And even without formal policy requirements, many customers wish to secure cookies to ensure they’re not intercepted by third party actors or malicious users.

Flexible implementation

Queue-it offers the flexibility to implement the virtual waiting room on specific landing pages or actions (e.g. when a visitor clicks “Add to Cart”) with the actions and triggers framework. However, we’ve noticed cases that require a higher degree of flexibility. For instance, a customer may want to protect adding one product to the cart, but not another. Depending on the website setup, the current triggers framework in GO Queue-it may not accommodate this.

To help you secure your cookies and implement the virtual waiting room at an even more granular level, Queue-it has updated our 25+ Connectors to v3.7.

Secure your cookies

You can now set Queue-it cookies with one of two flags: HTTPOnly or Secure.

An HTTPOnly cookie is inaccessible to the JavaScript Document.cookie API; it's only sent to the server. This precaution helps mitigate cross-site scripting (XSS) attacks.

For further security, you can set the Secure flag to ensure the cookie is only sent over secured HTTPS protocols. Cookies with the Secure flag are protected from unintended parties or scripts that try to intercept the cookie and read its data.

Trigger the waiting room flexibly

You can now create waiting room triggers based on the contents of the Request Body in addition to existing triggers based on the Request URL, User Agent, Cookie, HTTP Header, or JavaScript.

The Request Body includes more granular request information. For example, assume you’re on a retailer’s product page and you add a specific product to the cart. The RequestURL may stay the same, but the Request Body will usually include a parameter for that specific product’s SKU or ID.

In practice, what this means is you can trigger the waiting room when shoppers add one specific product to the cart, but not others, even if both products have the same URL.

Secure cookies

To set the HTTPOnly flag on your cookies, go to Integration | Configurations, create or edit a Configuration, and check the box for “Http only cookies”. Note that this won't work in a hybrid integration (using both JavaScript and a server-side/CDN connector) because the client-side JavaScript code needs to be able to read the cookies.

To set the Secure flag on your cookies, go to Integration | Configurations, create or edit a Configuration, and check the box for “Secure cookies”.

Request Body triggers

To create triggers based on the Request Body, go to Integration | Overview | Settings and check the box under Advanced Settings for “Enable Request body trigger”.

Note that this option requires at least version 3.7.0 of SDK and is supported for server-side and edge Connectors. If you are in doubt, you can reach out to technical support before you change any settings.

Queue-it is excited to offer a version 3.7 update for our 25+ Connectors. After the version 3.7 update you can secure cookies with HTTPOnly or Secure flags and implement Queue-it with flexibility using the Request Body trigger.

For more information on how to get the most out of your Queue-it implementation, contact your Queue-it support representative at support@queue-it.com.