Sprinklr Live Chat Cookies and Storage Details
Updated
This page outlines the storage mechanisms (cookies and local storage) used by Sprinklr Live Chat, the types of tokens maintained, and how they are managed under consent frameworks. It also explains the proposed token categorization, and how consent management is integrated with a Consent Management Platform (CMP) such as TrustArc or OneTrust.
Sprinklr Used Storage Mechanisms
Local Storage: All tokens are stored in local storage by Sprinklr.
Cookies: Limited to AWS performance cookies and co-browse authentication cookies (if co-browse is enabled).
Why does Sprinklr use Local Storage (instead of Cookies) for Chat Session Management?
The primary reason for choosing local storage instead of cookies for managing chat session data is due to the third-party context in which the Live Chat widget is injected into brand websites.
When cookies are dropped from a third-party context, most modern browsers silently block them if third-party cookies are disabled—which is increasingly the default behaviour across major browsers (e.g., Chrome, Safari, Firefox). Since Live Chat is an essential functionality for a brand, and session tokens used by chat are essential, Sprinklr Live Chat cannot rely on cookies as a third party. Therefore, we use local storage in which the tokens are put in first party context and are free from these restrictions.
Key Points
Third-party cookies (Sprinklr cookies) are blocked by default in many browsers for privacy reasons.
Adding first party tokens in local storage (JavaScript accessible storage) is not subject to the same restrictions, making it a more reliable mechanism for storing session data.
This ensures that chat sessions can persist across page refreshes and navigation, even when embedded as a third-party script.
Token Categories
As of today (Apr 2026), Sprinklr Live Chat categorizes tokens across two categories:
Essential: Required for the core chat functionalities.
Analytics: Help with telemetry and user journey reporting.
Below is the table highlighting all data in their respective bucket type:
1. Essential
Token | Condition for drop | Stored In | Functionality | Duration | Managed By |
spr-chat-token-<app_id> | Always | Local Storage (default) / Cookie (only if brand opts-in through configuration) | JWT token uniquely identifies an anonymous/authenticated user and keeps conversations persistent across browser refreshes so that a user can refer/go back to their past conversations* | Anonymous User: Token is persisted in Storage lifelong for that user and remains valid until explicitly invalidated by Sprinklr expiry/logout rules, or is removed due to client-side actions (e.g., cache/storage clearance, logout, or browser policies)
Authenticated User: The expiry duration is configurable based on type of authentication | Sprinklr |
spr-chat-trigger-hide-<user_id> | Only when user snoozes the live chat using the x icon on the trigger. | Local Storage (default) / Cookie (only if brand opts-in through configuration)
| Hides chat trigger until a specified time and reappear the trigger on page refresh/after that time. | Token is persisted in Storage lifelong for that user and remains valid until explicitly invalidated by client-side actions (e.g., cache/storage clearance, logout, or browser policies) | Sprinklr |
spr-chat-user-<user_id> | Only when user changes the sound notification preference from action menu. | Local Storage
| Stores user preferences (e.g., sound notification mute/unmute). Used to remember the setting on page refresh. | Token is persisted in Storage lifelong for that user and remains valid until explicitly invalidated by client-side actions (e.g., cache/storage clearance, logout, or browser policies) | Sprinklr
|
spr-chat-state-<user_id> | Only when enable persisteChatState config in application. | Local Storage (default) / Cookie (only if brand opts-in through configuration)
| Store chat state like – open/close of live chat widget. Used to remember the state on page refresh. | Token is persisted in Storage lifelong for that user and remains valid until explicitly invalidated by client-side actions (e.g., cache/storage clearance, logout, or browser policies)
| Sprinklr
|
AWSALB, AWSALBCORS | Always | Cookie | Associated with Amazon Web Services (AWS) infrastructure, these cookies are used for maintaining sticky sessions, enhancing performance through efficient request routing and managing scalability & security. These cookies do not contain any user data. For further insight into the functionality and usage of these cookies, please refer to the AWS documentation here: AWS Sticky Sessions Documentation. | No expiry |
|
spr-cobrowse-state | Only when co-browse functionality is enabled and user drop from active session without end that session. | Local Storage (default) / Cookie (only if brand opts-in through configuration)
| Persistent cobrowse session state after the page refresh | Token is persisted in Storage lifelong for that user and remains valid until explicitly invalidated by client-side actions (e.g., cache/storage clearance, logout, or browser policies)
| Sprinklr |
_cobrowse_device_id | Stores the Device ID being co-browse | Local storage
Fallback Mechanism: Cookies are used only if Local Storage is unavailable. | Cobrowse internal usages | Local Storage: Token Persists in local storage until manually cleared
Cookies: Persist until the browser is closed (closing individual tabs does not clear this data) | Cobrowse.io (third party)
|
_cobrowse_device_registration | Stores device registration time and other details. | Local storage
Fallback Mechanism: Cookies are used only if Local Storage is unavailable. | Cobrowse internal usages | Persists only for the duration of the active Cobrowse session | Cobrowse.io (third party)
|
_cobrowse_test_item | Used to test if local storage is available | Local storage
Fallback Mechanism: Cookies are used only if Local Storage is unavailable. | Cobrowse internal usages | Automatically removed once the test is done | Cobrowse.io (third party) |
_cobrowse_window_id | Stores Window ID. | Local storage
Fallback Mechanism: Cookies are used only if Local Storage is unavailable. | Cobrowse internal usages | Local Storage: Token Persists in local storage until manually cleared
Cookies: Persist until the browser is closed (closing individual tabs does not clear this data) | Cobrowse.io (third party)
|
_cobrowse_active_session | Stores active session details. | Local storage
Fallback Mechanism: Cookies are used only if Local Storage is unavailable. | Cobrowse internal usages | Persists only for the duration of the active Cobrowse session | Cobrowse.io (third party)
|
Note: Sprinklr leverages the third-party library Cobrowse.io to facilitate collaborative browsing and real-time navigation with customers.
Storage of spr-chat-token-<app_id>
Default storage configuration: In the default scenario, the Live Chat user token (spr-chat-token-<app_id>) is stored in the brand domain's local storage. However, this storage is not accessible across cross-origin domains, for example (https://a.example.com and https://b.example.com).
Cross-domain storage configuration: This scenario is used when brand wants to persist a Live Chat session across different domains yet same-site websites, for example (https://a.example.com and https://b.example.com). Since browser local storage cannot be used, Sprinklr attempts the following storage options, in order, depending on browser availability and user cookie preferences:
1. Sprinklr domain’s local storage
2. Brand domain’s cookie storage
3. Brand’s domain’s local storage (here, chat will not persist across different domains, but will persist on page refresh on same domain)
4. In-memory storage (here, chat will neither persist across different domains not across page refresh on same domain)
If an option is not accessible/throws error, we fall back to the next option.
Note:
A brand needs to opt-into this configuration by passing “sessionStorage” in app settings.
When we fall back to brand’s cookie storage (#2), the spr-chat-token-<app_id> is automatically sent with all API calls made from the website. Please ensure that your backend server is configured to accept this token in API requests.
2. Analytics
Analytics data is generated as event-level logs based on user interactions with the Live Chat widget.
Token | Stored In | Functionality |
spr-chat-analytics-<user_id> | Local Storage | Funnel reporting of user journeys, feature usage measurement, and performance analysis.
|
Consent Management
Sprinklr Live Chat supports IAB TCF framework, the industry-wide standard for capturing and sharing consent signals across vendors.
Essential tokens: Always required for the core chat functionality. Consent is not required for these.
All non-essential tokens: Requires user consent under the IAB TCF. Hence, non-essential tokens will only be dropped if the CMP signals user consent.
Note: If consent management functionality is not enabled for the Live Chat application, all tokens will be dropped without waiting for consent when the Sprinklr Live Chat is initialized successfully.
As shared above, as of today (Apr 2026), there is just 1 non-essential token, which falls under the analytics category and requires user consent. For more details on user consent management, see Consent Management for Analytics Tokens.
Consent Management for Essential Token
The spr-chat-token-<app_id> token is fundamental to the core functionality of Sprinklr Live Chat and should not be reclassified as a functional token.
Key Points
Functionality: All functionality including conversation, video call and cobrowse require this token to establish any connection with our servers.
Chat Persistence: This token ensures that conversations persist across page refreshes and navigation. Without it, users would lose their chat sessions when moving between pages, resulting in fragmented and frustrating interactions.
Cross-Subdomain Continuity: For brands operating across multiple subdomains (e.g., sprinklr.com and shop.sprinklr.com), this token enables seamless chat continuity. Without it, users would be treated as new visitors when switching subdomains, breaking the conversation flow.
Multi-Page Applications (MPA): In MPA setups, navigating from the homepage to a product page constitutes a full page reload. Without the spr-chat-token-<app_id>, the chat session would reset, causing the user to lose their conversation history—leading to poor UX and disrupted customer journeys.
Recommendations:
All Sprinklr essential tokens should remain in the Essential categorization of website to maintain reliable, secure, and user-friendly live chat experiences.
If Sprinklr tokens are reclassified under any optional category, for example functional, then it is up to you to embed the Sprinklr Live Chat only after the user has granted consent.
Consent Management for Analytics Tokens
Cookie consent is configured at the application level in Sprinklr. You must add the cookieConsent flag to the embed code generated during the creation of the Live Chat app.
Example
window.sprChatSettings = {appId: '68f8a4508592040bc694dd45_app_1000584416',cookieConsent: {ANALYTICS: true // or false}};
Parameter
Parameter | Description |
ANALYTICS | Flag to enable or disable analytics tracking. Supported Values: true, false Default: false |
Note: To get consent management for analytics cookie enabled in your environment, contact Sprinklr Support at tickets@sprinklr.com.
Handling Consent Updates During Session
Any changes in user consent after the chat has been loaded can be updated to Sprinklr Live Chat via the updateCookieConsent SDK. Based on these updates, analytics tracking will either start or stop dynamically.
For more information about the SDK, see Enable or Disable Consent Based Analytics.
What happens when user declines the consent for Analytical Tokens?
The following analytics and event-driven workflows will not be captured to report user activity:
All exposed analytics events. For more information, see All Exposed Live Chat Events.
Reporting on Live Chat Button and Link Clicks. For more information, see Reporting on Live Chat Button and Link Clicks.
Note: All other functionality and case level reporting, agent metrics reporting and Cart SDK reporting will not be affected by this.
Data Collection and Privacy
Sprinklr's Live Chat system is designed to minimize the collection of user-specific data, focusing only on essential session metadata required for effective support. This includes User Agent, Time Zone, Locale, Page Title, Page Url, if available, which are used solely within the session context for personalized service delivery.
Summary
Sprinklr Live Chat primarily uses local storage (for chat persistence and preferences) and a limited set of cookies (for AWS routing and cobrowse).
All Sprinklr tokens should remain in the Essential category to maintain reliable, secure, and user-friendly live chat experiences.
If Sprinklr tokens are reclassified under any optional category, for example functional, then it is upto you to embed the Sprinklr Live Chat only after the user has granted consent.
Analytics tokens require explicit consent under IAB TCF and are gated via CMP integration.
A refined token categorization is proposed to separate Essential and Analytics clearly.