Third Party Cookie and Identity Server

Question

Third Party Cookie and Identity Server

kkdeveloper7 opened this issue 3 months ago · 3 comments

kkdeveloper7 commented 3 months ago

Which version of Duende IdentityServer are you using?
7

Which version of .NET are you using?
8

Describe the bug

A clear and concise description of what the bug is.

To Reproduce

Steps to reproduce the behavior.

Expected behavior

A clear and concise description of what you expected to happen.

Log output/exception with stacktrace

Additional context

According to google, in 2024 Q4 Third party cookies will be phased out, perhaps this will be extended here. I noticed that after login, Identity Server drops 2 cookies

idsrv
idsrv.session (this cookie is dropping with SameSite=None; Secure)

Since one of the cookies is dropped with SameSite=None, are we going to be affected by this? Anything we need to do going forward?

Answer 1 · 2024-08-29T07:58:09.000Z

Google had the intention to do this but they decided to not implement the plan. See here.

For context: The idsrv.session cookie is required by the OIDC session management spec for JS/SPA clients and it implements this spec.

Answer 2 · 2024-09-09T08:28:18.000Z

@kkdeveloper7 Did this answer your question? If not please add to this issue. If not I'd like to close it.

Answer 3 · 2024-09-09T16:34:35.000Z

@kkdeveloper7 Did this answer your question? If not please add to this issue. If not I'd like to close it.

yes, thank you!