Difference between revisions of "Authentication Cookie"
From MgmtWiki
(→Problems) |
|||
| Line 6: | Line 6: | ||
==Problems== | ==Problems== | ||
| − | The use of [[Cookies]] on various devices and [[User Agent]]s has be restricted in ever more severe ways. These restrictions have limited the functionality of the [[Authentication Cookie]]. | + | *The use of [[Cookies]] on various devices and [[User Agent]]s has be restricted in ever more severe ways. These restrictions have limited the functionality of the [[Authentication Cookie]]. |
| + | *In particular Apple introduced a restriction on same-site cookies that caused common implementations of [[OAuth 2.0]] to fail. Brock Allen decode that issue on his site<ref>Brock Allen, ''Same-site cookies, ASP.NET Core, and external authentication providers.'' (2019-01-11) https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/</ref> | ||
==Solution== | ==Solution== | ||
Revision as of 10:54, 17 March 2019
Full Title or Meme
An Authentication Cookie is a compact collection of data provided to a User Agent by a Web Site to be retrieved later as proof that an Authentication has be successful with this session on this device.
Context
Cookies were introduced to Web Sites to enable a continuity of
Problems
- The use of Cookies on various devices and User Agents has be restricted in ever more severe ways. These restrictions have limited the functionality of the Authentication Cookie.
- In particular Apple introduced a restriction on same-site cookies that caused common implementations of OAuth 2.0 to fail. Brock Allen decode that issue on his site[1]
Solution
Reverences
- ↑ Brock Allen, Same-site cookies, ASP.NET Core, and external authentication providers. (2019-01-11) https://brockallen.com/2019/01/11/same-site-cookies-asp-net-core-and-external-authentication-providers/
