We started delivering SCORM courses to learners around the world with SCORM Cloud about ten years ago. The internet was a different place at that time. We decided then to follow standard practices and use cookies to control access to course content. Advertising companies also used cookies to track what sites a user visited. With time the advertising practices became more invasive, and people became more aware of the problem. As a result, web browsers have started making the use of third-party cookies almost impossible, as we have all seen with the recent Chrome 80 release. Unfortunately, benign use cases of third-party cookies are collateral damage in the changing times.

With the changes to third-party cookie policies taking place, we saw the writing on the wall. We needed to provide a way to control access to course content without using cookies. The burden of asking each learner to enable the use of third-party cookies on their device would be a roadblock for many. So we decided to use the information available to us when a learner launches a course to lock down what we could control. After floating a lot of bad names, we named this new feature “Content Vault”.

If we can’t use cookies to identify a learner, what can Content Vault use? The list is short, but it is enough to do the job. We can identify:

  • the learner’s IP address
  • the user agent for the learner’s browser
  • the time at which they launched the course
  • the amount of time since the learner last requested course content

We use each of these data points to identify a learner and determine if they should have access to a course. You can specify what data points, from the list above you want to use to authorize learners. We provide configuration options for each at the following levels:

  • application/tenant
  • course
  • dispatch destination
  • registration

When a learner launches a course, we record their information. Every time the learner’s browser requests a piece of course content, we verify that the learner still has permission to access the content. This all happens in real time, while adding minimal delay in the requests for content.

Content Vault landed in our Content Controller product first, and we recently added it to SCORM Cloud. We will roll it out to our Managed Hosting Rustici Engine customers in the coming months. For questions about how to enable Content Vault, reach out to our support team. We’re happy to walk you through it.

Tim is the Director of Engineering. He wears a lot of hats, makes sure we we are doing the right work, and that we have what we need to work efficiently as possible. You may also find him in the kitchen putting together a make shift charcuterie.