
IdentityServer3 Cookie Paths

Open ionutcalin opened this issue 9 years ago • 3 comments

Issue

During my tests I've played with cookie options to restrict the path for which the cookies are issued, so that I can avoid the browser sending too many cookies on each trip.

Now the following cookies do not respect the Path set in IdentityServerOptions->AuthenticationOptions->CookieOptions:

.idsrv.xsrf
.idsvr.session
.idsvr.session
.SignOutMessage
.SignInMessage

Obs: All these cookies are always issued for the path of the virtual directory where the IdentityServer is mapped.

Only the authentication cookie (with IdentityServer3) .idsrv respects the path.

Is this by design?

PS: On the other hand, the cookie prefix that is set is OK, meaning it is respected by all the cookies.

ionutcalin, Oct 06 '16 14:10

I'd have to go thru the code and look at each one (which I don't have time for now), but we do need many of those cookies in various places in IdSvr. Allowing the path to be changed might break different things in IdSvr.

brockallen, Oct 06 '16 14:10

Is there any place to look for a description of all the cookies that can get issued, what they are used for and their lifetime? A lot of clients/organizations require this information.

snothub, Oct 31 '17 08:10

@snothub I don't think we have anything formal on that, sorry.

brockallen, Oct 31 '17 13:10
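
An added example, not part of the thread and not IdentityServer3 code: one way to build the cookie inventory asked about above and to see which cookies ignore the configured Path, by parsing `Set-Cookie` headers captured from your own deployment. The cookie names are the ones listed in the issue; the `/core` virtual directory, the `/core/connect` path and every attribute value are constructed and do not describe what IdentityServer3 actually emits.

```python
from dataclasses import dataclass

# Constructed sample: Set-Cookie header values as they might be captured from a
# test deployment mapped at /core. Names are from the thread; values are made up.
CAPTURED = [
    ".idsrv=abc; path=/core/connect; secure; HttpOnly",
    ".idsrv.xsrf=def; path=/core; secure; HttpOnly",
    ".idsvr.session=ghi; path=/core; secure",
    ".SignInMessage=jkl; path=/core; expires=Thu, 06 Oct 2016 15:10:00 GMT; secure; HttpOnly",
    ".SignOutMessage=mno; path=/core; max-age=600; HttpOnly",
]

@dataclass
class CookieInfo:
    name: str
    path: str
    lifetime: str
    secure: bool
    http_only: bool

def parse_set_cookie(header: str) -> CookieInfo:
    """Parse one Set-Cookie header value (RFC 6265 attribute syntax)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    found = {}
    for attr in attrs:
        key, _, value = attr.partition("=")
        found[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    if "max-age" in found:            # Max-Age takes precedence over Expires
        lifetime = f"max-age={found['max-age']}s"
    elif "expires" in found:
        lifetime = f"expires {found['expires']}"
    else:
        lifetime = "session"          # no lifetime attribute: dropped when the browser session ends
    return CookieInfo(name, found.get("path", "(default)"), lifetime,
                      "secure" in found, "httponly" in found)

def audit(headers, expected_path):
    """Return (inventory, names of cookies whose Path is not expected_path)."""
    inventory = [parse_set_cookie(h) for h in headers]
    off_path = [c.name for c in inventory if c.path != expected_path]
    return inventory, off_path

if __name__ == "__main__":
    inventory, off_path = audit(CAPTURED, "/core/connect")
    for c in inventory:
        print(f"{c.name:16} path={c.path:14} {c.lifetime:38} secure={c.secure} httponly={c.http_only}")
    print("not on configured path:", off_path)
```

Replace `CAPTURED` with headers taken from a login and logout round trip against your own instance to get a table you can hand to the teams asking for cookie documentation.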