Open ionutcalin opened 8 years ago
I'd have to go thru the code and look at each one (which I don't have time for now), but we do need many of those cookies in various places in IdSvr. Allowing the path to be changed might break different things in IdSvr.
Is there any place to look for a description of all the cookies that can get issued, what they are used for and their lifetime? A lot of clients/organizations require this information.
@snothub I don't think we have anything formal on that, sorry.
Issue
During my tests I've played with cookie options to restrict the path for which the cookies are issued, so that I can avoid the browser sending too many cookies on each trip.
Now the following cookies do not respect the Path set in IdentityServerOptions->AuthenticationOptions->CookieOptions:
- .idsrv.xsrf
- .idsvr.session
- .idsvr.session
- .SignOutMessage
- .SignInMessage

Obs: All these cookies are always issued for the path of the virtual directory where the IdentityServer is mapped.
Only the authentication cookie (with IdentityServer3) .idsrv respects the path.
Is this by design?
PS On the other hand, the cookie prefix set is ok, meaning it is respected by all the cookies.
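
One way to check this behaviour from captured responses, as an added example that is not part of the original issue or of the IdentityServer code: parse the Set-Cookie headers, record each cookie's Path and lifetime, and list the cookies that are not on the configured path. The header values and the paths /identity and /identity/core are constructed for illustration; only the cookie names are taken from the issue.

```python
# Added example: inventory Set-Cookie headers and flag Path mismatches.
# Header values and paths are constructed; only the cookie names come from the issue.
SAMPLE_HEADERS = [
    ".idsrv=c1; path=/identity/core; secure; HttpOnly",
    ".idsrv.xsrf=c2; path=/identity; secure; HttpOnly",
    ".idsvr.session=c3; path=/identity; secure",
    ".SignInMessage=c4; path=/identity; secure; HttpOnly",
    ".SignOutMessage=c5; path=/identity; expires=Thu, 01 Jan 2026 00:00:00 GMT; HttpOnly",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header value into its name and attributes."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    cookie = {"name": name, "path": None, "lifetime": "session",
              "secure": False, "httponly": False}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.strip().lower()  # attribute names are case-insensitive
        val = val.strip()
        if key == "path":
            cookie["path"] = val
        elif key == "max-age":
            # Max-Age takes precedence over Expires when both are present
            cookie["lifetime"] = f"max-age={val}"
        elif key == "expires" and cookie["lifetime"] == "session":
            cookie["lifetime"] = f"expires={val}"
        elif key in ("secure", "httponly"):
            cookie[key] = True
    return cookie


def path_mismatches(headers, configured_path):
    """Return names of cookies whose Path differs from the configured one."""
    return [c["name"] for c in map(parse_set_cookie, headers)
            if c["path"] != configured_path]


if __name__ == "__main__":
    for c in map(parse_set_cookie, SAMPLE_HEADERS):
        print(f'{c["name"]:<18} path={c["path"]} lifetime={c["lifetime"]}')
    print("not on configured path:",
          path_mismatches(SAMPLE_HEADERS, "/identity/core"))
```

A cookie with no Path attribute is reported with `path=None`; the browser then applies the default path derived from the request URL, so it is listed as a mismatch as well.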