[Openid-specs-ab] Session management and third party cookies

John Bradley ve7jtb at ve7jtb.com
Tue Aug 14 12:37:38 UTC 2012


So I take it that this is not about blocking what we would think of as a normal 3rd party cookie.

The Browsers are also trying to block sneaky ways that people are using to get around 3rd party cookie blocking.

We are getting caught in that basket because the IdP iframe is invoked from the RP iframe.

Any Ideas?

On 2012-08-14, at 7:22 AM, Nat Sakimura wrote:

> Latest Safari on iOS 5.1.1 and Mountain Lion.
> 
> =nat via iPhone
> 
> On Aug 14, 2012, at 9:11 PM, Chuck Mortimore <cmortimore at salesforce.com> wrote:
> 
>> Latest versions of Safari just got far more aggressive about this, so I'd report what version of Safari you were on.
>> 
>> -cmort
>> 
>> On Aug 13, 2012, at 6:36 PM, Nat Sakimura wrote:
>> 
>>> I did a little bit of checking on the relationships between the
>>> Session management spec and third party cookies.
>>> 
>>> In short, it varies.
>>> In Safari and older Chrome, it works.
>>> 
>>> In Chrome after v.17(?), if the user sets the block third party
>>> cookies option, it does not.
>>> 
>>> I have not tested IE.
>>> 
>>> Nat Sakimura
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab



More information about the Openid-specs-ab mailing list