ionparticle
commented
4 years ago Ended up not using cookies for LTI, using encrypted JWT to pass the session id using the state variables 'state' and 'lti_message_hint'.
Closed ionparticle closed 4 years ago
ionparticle
commented
4 years ago Ended up not using cookies for LTI, using encrypted JWT to pass the session id using the state variables 'state' and 'lti_message_hint'.
There is chatter that the SameSite cookie change might impact LTI implementations. They're working on releasing an official statement.
We will need to test in Chrome with the appropriate flags on to see if this is an issue.