Skip to content

Restoring a User Session & Cross-Device Consent Sharing

Premium Feature

Cross-Device Consent Sharing is a Premium Feature that is only enabled on request. Please reach out to your Customer Success Manager for more information.

Overview

The 'Restore User Session' feature in our SDK is a specialized tool designed for a specific use case: retrieving user consents that were previously granted on a different device. This feature is ideal for scenarios where users switch between devices, such as moving from a web interface to a smartphone.

Key Concept

One-Time Restoration: This feature is intended to restore consents only once from another system, ensuring a seamless user experience across devices.

Examples of Use Cases

  • User Switching Devices: A user grants consent on a web application and later accesses the mobile app. Using 'Restore User Session', the consents are carried over, eliminating the need for re-consent on the mobile app.
  • Login Process: Integrate the 'Restore User Session' feature during the user login routine to seamlessly transition consents across different sessions or platforms.

Implementation Guide

Prerequisites

  • Consistent use of the same Settings ID across your systems.
  • Secure storage of the Controller ID provided by Usercentrics.

Steps for Implementation

  1. Store Controller ID: Save the Controller ID that Usercentrics provides. This ID is crucial for identifying the user session across different platforms
  2. User's Log In: When a user logs in into your application, you should match the user's id with the previously stored Usercentrics Controller ID
  3. API Invocation: Call the restoreUserSession API immediately after initializing the SDK and checking if it's ready
  4. Session Restoration Callback: After invoking the API, verify if the session was successfully restored. If the restoration fails, prompt the user to provide their consents again

What is Controller ID?

When a user submits consent within your mobile application, their individual consent state is stored locally and remotely secured. This information is accompanied by a randomized, unique, anonymous, and encrypted key, referred as the controllerID. This key serves as the identifier for the user's privacy choices.

At the moment that the consent is given, the controllerID can be obtained through the callbacks of showFirstLayer(...) or showSecondLayer(...) methods

banner.showFirstLayer(...) { userResponse in
    let controllerID = userResponse.controllerId
}

banner.showFirstLayer(...) { userResponse ->
    val controllerId = userResponse?.controllerId
}

final userResponse = await Usercentrics.showFirstLayer(...);
val controllerId = userResponse?.controllerId

import { Usercentrics } from '@usercentrics/react-native-sdk';

const userResponse = await Usercentrics.showFirstLayer(...);
const controllerId = response.controllerId;

Usercentrics.Instance.ShowFirstLayer(<UsercentricsLayout>, (userResponse) => {
    var controllerId = userResponse.controllerId;
});

or right after the SDK initialization through the getControllerId() method:

let controllerID = UsercentricsCore.shared.getControllerId()

val controllerId = Usercentrics.instance.getControllerId()

final controllerId = await Usercentrics.getControllerId();

import { Usercentrics } from '@usercentrics/react-native-sdk';

const controllerId = await Usercentrics.getControllerId();

Usercentrics.Instance.GetControllerID();

Additionally, it is important to note that when our second layer is presented to users, they will have the ability to view and copy their current controller ID. This functionality is essential because users can leverage the controller ID to inquire about the specifics of their consent, its acquisition process, and to initiate data deletion requests. For further guidance, the Article 29 Data Protection Working Party has released updated 'Guidelines on consent under Regulation 2016/679' on April 10, 2018 (http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051).

Implementation

You can now take this ID, and restore a user session in another Usercentrics supported platform, such as iOS, Android, TV, Web or Unity. By using the method restoreUserSession and passing the controllerID:

UsercentricsCore.shared.restoreUserSession(controllerId: controllerId) { status in
    // This callback is equivalent to isReady API
    if status.shouldCollectConsent {
        // Collect Consent
    } else {
        // Session restored: apply consent with status.consents
    }
} onFailure: { error in
    // Handle non-localized error
}

Usercentrics.instance.restoreUserSession(controllerId, { status ->
    // This callback is equivalent to isReady API
    if (status.shouldCollectConsent) {
        // Collect Consent
    } else {
        // Session restored: apply consent with status.consents
    }
}, { error ->
    // Handle non-localized error
})

try {
  final status = Usercentrics.restoreUserSession(controllerId: controllerId);

  if (status.shouldCollectConsent) {
    // Collect Consent
  } else {
    // Session restored: apply consent with status.consents
  }
} catch (error) {
  // Handle non-localized error
}

import { Usercentrics } from '@usercentrics/react-native-sdk';

try {
  const status = Usercentrics.restoreUserSession(controllerId: controllerId);

  if (status.shouldCollectConsent) {
    // Collect Consent
  } else {
    // Session restored: apply consent with status.consents
  }
} catch (error) {
  // Handle non-localized error
}

Usercentrics.Instance.RestoreUserSession(<controllerId>, (status) => {
    if (status.shouldCollectConsent)
    {
        // Collect Consent
    }
    else
    {
        // Session restored: apply consent with status.consents
    }
}, (errorString) => {
    // Handle non-localized error
});

Graphical overview

LanguageHierarchy

Best Practices

Avoid Routine Invocation

Do not invoke the restoreUserSession method as part of regular operations. It's best suited for specific instances, like during the login process.

The controllerId serves as a reference to the consents provided by the end-user. Therefore, it is recommended to store it on your premises only after the user has interacted with the banner and the consents are ready to be processed.

Single-Use Restoration

Remember that this feature is designed for a one-time restoration of user consents from another system. Repeated attempts to restore the session using the same Controller ID will not be successful.

What happens if I call restoreUserSession repeatedly?

The SDK is designed to only restore the session once. Repeated calls, especially with the same Controller ID, will not initiate additional session restorations.

CCPA/CPRA and US Frameworks (VCDPA, CPA, CTDPA, UCPA) are not supported

Cross-Device Consent Sharing is not supported for CCPA/CPRA and US Frameworks. The consent collected for these frameworks is only meant for the device the consent was given in.