What is Suite Assistant?
Suite Assistant is a web-based tool built specifically for Fluvius Suite guests. It provides a streamlined interface where you can manage your suite reservations, receive clear payment instructions, and check the current status of your bookings at any time. The application is accessible directly from your browser — no additional software or downloads are required.
Reservation Management
Making a reservation through Suite Assistant is designed to be simple and straightforward. Once you are signed in, you can browse available dates, select your preferred stay period, and submit a reservation request. The system ensures a seamless experience from start to finish.
- View real-time suite availability through an integrated calendar
- Select check-in and check-out dates with an intuitive date picker
- Receive instant confirmation of your reservation request
Payment Instructions
After your reservation is confirmed, Suite Assistant provides detailed payment instructions tailored to your booking. You will receive clear guidance on accepted payment methods, amounts due, and payment deadlines. All payment-related information is available in your personal dashboard once you are signed in, ensuring you always have the details you need at your fingertips.
Reservation Status
Stay informed about your booking at every step. Suite Assistant allows you to check the current status of your reservation in real time — whether it is pending review, confirmed, or completed. Status updates are available in your profile area after signing in, so you always know exactly where things stand.
Google Sign-In
Suite Assistant uses Google Sign-In as its authentication method, providing a secure and convenient way to access your account. Instead of creating and remembering yet another username and password, you can sign in using your existing Google account. This approach leverages Google's industry-leading security infrastructure to protect your identity.
How It Works
The sign-in process is quick and secure. Here is what happens step by step:
- You click the "Sign in with Google" button on the Profile page.
- You are redirected to Google's secure sign-in page, where you choose your Google account and grant permission.
- Google sends a secure, encrypted credential (ID token) back to our application.
- Our server verifies the token with Google's servers to ensure its authenticity and that it was issued for our application.
- Once verified, a secure session is created for you, and you are signed in to Suite Assistant.
What Data We Receive
When you sign in with Google, we receive only your basic profile information: your name, email address, and profile picture. We do not receive your Google password or access to any other Google services. This information is used solely to identify you within Suite Assistant and personalize your experience.
Security Measures
Your security is our priority. The Google ID token is validated server-side against Google's OAuth2 servers to prevent forgery. Your session token is stored in a secure, HTTP-only cookie that cannot be accessed by JavaScript, protecting against cross-site scripting (XSS) attacks. The cookie is also configured with the Secure flag, meaning it is only transmitted over encrypted HTTPS connections, and uses the SameSite=Lax policy to mitigate cross-site request forgery (CSRF) risks.
Cookies Used for Authentication
Suite Assistant uses a minimal set of cookies strictly necessary for authentication functionality. Below is a detailed breakdown of each cookie and its purpose:
The auth Cookie in Detail
The auth cookie is the primary session cookie set by Fluvius Suite. It contains a JSON Web Token (JWT) that encodes your user ID, email address, and account type. This token is cryptographically signed with a server-side secret, which means it cannot be tampered with. The cookie is configured as HttpOnly (inaccessible to browser JavaScript), Secure (only sent over HTTPS), and SameSite=Lax (sent with same-site requests and top-level navigations). It expires after 7 days, after which you will need to sign in again.
Google Sign-In Cookies
The g_csrf_token and g_state cookies are set by Google's Sign-In library (Google Identity Services). The g_csrf_token provides protection against cross-site request forgery during the redirect-based authentication flow. The g_state cookie helps Google manage the state of the sign-in prompt UI, such as whether the One Tap prompt has already been displayed. These cookies are managed entirely by Google and are necessary for the sign-in process to function correctly.
Your Privacy
We are committed to transparency. Suite Assistant only collects the minimum data necessary to provide you with a functional and personalized booking experience. No tracking cookies are used for advertising purposes, and your data is never sold or shared with third parties for marketing.
For more information, please visit our Privacy Policy.