For Dear dev crazywoola [ iframe embed issue with user id]
Self Checks
- [x] I have read the Contributing Guide and Language Policy.
- [x] This is only for bug report, if you would like to ask a question, please head to Discussions.
- [x] I have searched for existing issues, including closed ones.
- [x] I confirm that I am using English to submit this report, otherwise it will be closed.
- [x] [Chinese users & Non English User] Please submit in English, otherwise it will be closed :)
- [x] Please do not modify this template :) and fill in all the required fields.
Dify version
1.10.0
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
- create an agent/chatflow
- embed the iframe in a website
- manually enter a user id within the iframe embedded in the website
- chat with the floating button chatbot
- go and change the user id, then you will see the chatbot always returns the first user id it gets, no matter if you switch the user of the website or refresh the page and restart the chat window message
here is a video presentation: Note: this issue was introduced right after dify 1.9.1, so in dify 19.2 and 1.10.0 this issue exists
I remember this issue once existed in an old version and was solved
for a use like mine, using dify in my wordpress for logged in users, this is a big matter
I hope this issue will be fixed soon
✔️ Expected Behavior
the new user id from the chatbot iframe should be passed after a user switch or page refresh
❌ Actual Behavior
chatbot always returns the first user id it interacts with
https://www.youtube.com/watch?v=kLKn3_tj70s
here is the video to see more details
Thanks for sharing the video—it's helpful for understanding the issue.
This behavior is due to how Dify's iframe embed manages session state: it uses localStorage keyed by both appId and userId, so if the iframe isn't reloaded with a new, properly encoded user ID (as the sys.user_id URL parameter), the chatbot will keep using the initial user context even after a user switch or page refresh. The iframe embed doesn't have a built-in way to reset or clear session state when switching users; session isolation relies on updating the iframe src with a new encoded sys.user_id. Cross-origin localStorage can't be cleared from the parent page, so reloading the iframe is the recommended workaround for now. Make sure to encode the user ID by GZIP compressing, Base64 encoding, and URI encoding it—simple encoding won't work. See more details and code examples here and here.
Your video will be considered for further investigation as this limitation is actively being improved.
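The encoding and iframe reload described in the reply above, as an added example that is not part of the original thread and is not Dify's own code. It runs under Node.js; the base URL, app token and user ids are constructed placeholders, and the helper names are hypothetical. The encoding is reversible, so it is a transport format and not a secret.

```javascript
// Added example (Node.js). In a browser, CompressionStream('gzip') and btoa do the same steps.
const zlib = require('node:zlib');

// GZIP compress -> Base64 -> URI-encode, the three steps the reply lists.
function encodeUserId(userId) {
  const gz = zlib.gzipSync(Buffer.from(String(userId), 'utf8'));
  return encodeURIComponent(gz.toString('base64'));
}

// Inverse of encodeUserId, used to read back what an iframe src carries.
function decodeUserId(encoded) {
  const gz = Buffer.from(decodeURIComponent(encoded), 'base64');
  return zlib.gunzipSync(gz).toString('utf8');
}

// Build the iframe src with the sys.user_id URL parameter named in the reply.
function buildChatbotSrc(baseUrl, userId) {
  const sep = baseUrl.includes('?') ? '&' : '?';
  return `${baseUrl}${sep}sys.user_id=${encodeUserId(userId)}`;
}

// Return the user id an iframe src currently carries, or null if absent or malformed.
function userIdFromSrc(src) {
  const m = /[?&]sys\.user_id=([^&#]+)/.exec(src);
  if (!m) return null;
  try {
    return decodeUserId(m[1]);
  } catch {
    return null;
  }
}

// On a user switch: return the new src to assign to the iframe, or null if no reload is needed.
function srcForUserSwitch(currentSrc, baseUrl, loggedInUserId) {
  if (userIdFromSrc(currentSrc) === String(loggedInUserId)) return null;
  return buildChatbotSrc(baseUrl, loggedInUserId);
}

// Constructed sample values (placeholders, not from the issue).
const BASE = 'https://dify.example.test/chatbot/APP_TOKEN';
const first = buildChatbotSrc(BASE, 'wp-user-42');
console.log(srcForUserSwitch(first, BASE, 'wp-user-42')); // same user: no reload
console.log(srcForUserSwitch(first, BASE, 'wp-user-77')); // switched user: new src
```

In the parent page, assigning the returned value to the iframe's `src` forces the reload the reply recommends.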
It seems that if the user_id changes, the app login (passport) should be considered expired.