Starfish requires third party cookies
Our campus has recently started using a tool called Starfish Early Alert to track students who are having difficulties, especially those in danger of failing. It can also be used to give kudos, and for other things, like scheduling office hours or meetings outside of office hours, or recording attendance.
Having previously taught at West Point I’m familiar with the idea. At West Point it is called a “C.O.R.”, which stands for Cadet Observation Report. I could report a problem with a “negative” COR (an “NCOR”) or give kudos with a “positive COR.” And for strictly passing on information I could mark the COR as “neutral”. The report goes to the cadet and to the cadet’s Company Tactical Officer (TAC) and Tactical Non-Commisioned officer (TAC NCO), which is kinda like telling mom and dad, but perhaps with more consequences and less sympathy. In most cases submitting an NCOR really gets a cadet’s attention and (usually) an improvement.
My first attempt to use Starfish at New Paltz failed because of what looked like an authentication error:
Your Starfish session has expired. To access Starfish return to your learning
management system and select the starfish link.
I had already logged in to our learning management system (Blackboard) and accessed the system via that very link, so this was not much help. I submitted an IT ticket.
After a little investigating I found that I could connect successfully if I allowed third-party cookies (cookies that come from a site that is not the same as the one I was visiting, or attempting to visit). I usually set my browser to block such cookies, and that’s what caused the problem. And digging a little further revealed that the third-party cookies in question were coming from the product’s vendor, Starfish Solutions.
I generally don’t like the idea of allowing third-party cookies, out of concern for privacy, but I’m willing to make an exception on a case-by-case basis to get my work done, if I trust the sites involved. And as it turns out, the Chrome browser allows you to do that. So in my browser settings, under “Content Settings” and “Cookies” I added an exception to allow cookies from the product vendor. A little more experimentation revealed that all I had to add was:
(It also worked when I tried a wildcard using “[*.]” at the beginning, but a more restricted exception is usually better.) So now I allow cookies to be set from just that host and I can use their tool, and I can still block third-party cookies from other sites, preserving my privacy.
In fact, it’s not just that a cookie from the vendor is required for initial authentication, it turns out it’s required just to maintain an active session. I demonstrated this by starting a Starfish session while allowing external cookies, as described above, then deleting that exception after I was in Starfish. The next time I tried to do anything in Starfish it resulted in the same confusing error message noted above.
But I got it to work, and now I can send some NCORs…