By default, every chat visitor is anonymous. Once you know who someone is — because they've signed in to your app or your Members Portal — you can identify them so the Live Chat Inbox shows their real name, email, and profile alongside the conversation. This guide shows where to find the identify snippets in CornerSpot and how to wire them up safely.
This is a developer task: you add a small script to your own site and compute a secure userHash on your server. You'll find everything you need on the Embedding tab in Live Chat Settings at /dashboard/chat/settings/embedding.
How to identify signed-in visitors in CornerSpot Live Chat
1. Open the Embedding tab
In Live Chat Settings, open the Embedding tab. This is where the loader snippet, your Site ID, the allowed-domains checklist, and the identify snippets all live.
2. Find the “Identify signed-in visitors” card
Scroll to the Identify signed-in visitors card. It explains the two things you need to do: call Cornerspot.chat('identify') after you know who the visitor is, and compute the userHash on your server as HMAC-SHA256(secret, userId) — never in the browser, where anyone could read or forge it.
3. Copy and add the identify snippet
Click Copy to grab the optional identify snippet, then add it to your host page and call it once you've determined who the visitor is. Pass the visitor's userId, optional email and name, and the server-generated userHash:
<script>
window.Cornerspot = window.Cornerspot || {};
window.Cornerspot.chat = window.Cornerspot.chat || function () {
(window.Cornerspot.chat.q = window.Cornerspot.chat.q || []).push(arguments);
};
Cornerspot.chat('identify', {
userId: 'user_123',
email: 'alice@example.com',
name: 'Alice Example',
userHash: 'SERVER_GENERATED_HMAC'
});
</script>
The userHash is what proves the identity is genuine. Generate it on your server — for example, in Node: crypto.createHmac('sha256', secret).update(userId).digest('hex') — using your widget's identify secret (see step 5). Because the secret never leaves your server, a visitor can't impersonate someone else.
4. For single-page apps, send route changes
If your site is a single-page app, the page doesn't fully reload on navigation, so the widget won't notice the new URL on its own. Copy the single-page-app update snippet and run it after every client-side route change so heartbeats and follow-up tickets keep the latest page context:
Cornerspot.chat('update', { pageUrl: window.location.href });
5. Manage the identify secret
The secret you sign the userHash with lives on the Identify Secret tab. Click Open identify secret from the identify card (or open the tab directly) to view the current secret or rotate it. Keep that value on your server and use it whenever you compute a userHash.
What identifying a visitor does
Once a visitor is identified, the Live Chat Inbox stops showing “Anonymous visitor” and instead enriches the conversation with who they are — their name and email in the header, and the matching profile and live-context details in the customer sidebar (and a link to their CRM contact when one exists). Signed-in Members Portal visitors are identified for you automatically, so portal conversations always arrive with identity attached.
Key rules to remember
- Call identify only after you know the visitor. There's no harm in chatting anonymously first; identify upgrades the same conversation in place.
- Compute the
userHashon your server. Never generate it in the browser — that would expose the secret and let visitors forge identities. - Keep your secret in sync. If you rotate the identify secret, update the server code that generates the
userHashtoo.