[Openid-specs-ab] Third-Party Cookies and Front Channel Logout

torsten at lodderstedt.net
Mon Aug 29 15:48:59 UTC 2016


Hi Prateek,

We are facing the same problem. Describing it in the spec is definitely the minimum. Better would be to come up with a viable solution.

Best regards,
Torsten.


-------- Original Message --------
From: Prateek Mishra via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Sent: Friday, August 26, 2016 02:56 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Third-Party Cookies and Front Channel Logout

>The OIDC Front Channel Logout draft specification uses HTTP GETs to RP URLs that clear login state.
>
>http://openid.net/specs/openid-connect-frontchannel-1_0.html
>
>This typically takes the form of an OP loading a page with <iframe src="frontchannel_logout_uri"> or <img src="front_channel_logout_uri">
>
>However, modern browsers allow users to “block third party cookies” and this setting means that the logout at the RP will fail (unable to remove previously
>established RP cookie). Our implementation and test teams have found this to be a really confusing situation for end-users.
>
>Have implementors had any success with alternatives or work-arounds? At a minimum we should capture this behavior in the draft specification.
>
>Thanks,
>prateek


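An added example, not part of the original posts and not code from the specification or any implementation: a small JavaScript model of the failure described in the thread, next to one server-side fallback. It assumes the OP sends the optional `iss` and `sid` query parameters defined in the Front-Channel Logout draft and that the RP keeps server-side session state; all function names, hosts and values are constructed.

```javascript
// Constructed model (hypothetical names throughout); not code from the spec or any product.
const sessions = new Map(); // RP session store: cookie value -> { sub, iss, sid }

function login(cookieValue, sub, iss, sid) {
  sessions.set(cookieValue, { sub, iss, sid }); // sid as issued in the ID Token
}

// Browser model: the logout URI loads in an iframe on the OP's page, so the RP is
// a third party there and its cookie is withheld when third-party cookies are blocked.
function browserIframeRequest(url, cookieJar, blockThirdPartyCookies) {
  const u = new URL(url);
  return { query: u.searchParams, cookie: blockThirdPartyCookies ? undefined : cookieJar[u.host] };
}

// Cookie-only handler: can only end the session the request's cookie points at.
function logoutByCookie(req) {
  if (!req.cookie || !sessions.has(req.cookie)) {
    return { cleared: 0, reason: 'no session cookie on request' };
  }
  sessions.delete(req.cookie);
  return { cleared: 1, reason: 'cookie' };
}

// Handler that falls back to the iss and sid query parameters and ends the
// session server-side; the stale cookie left in the browser then maps to nothing.
function logoutBySid(req, expectedIss) {
  const byCookie = logoutByCookie(req);
  if (byCookie.cleared) return byCookie;
  const iss = req.query.get('iss');
  const sid = req.query.get('sid');
  if (!iss || !sid || iss !== expectedIss) {
    return { cleared: 0, reason: 'missing or unexpected iss/sid' };
  }
  let cleared = 0;
  for (const [key, s] of sessions) {
    if (s.iss === iss && s.sid === sid) { sessions.delete(key); cleared += 1; }
  }
  return { cleared, reason: 'sid' };
}

// Constructed sample: one RP session, logout iframe loaded with cookies blocked.
login('c1', 'alice', 'https://op.example', 'sid-1');
const jar = { 'rp.example': 'c1' };
const uri = 'https://rp.example/logout?iss=https%3A%2F%2Fop.example&sid=sid-1';
console.log(logoutByCookie(browserIframeRequest(uri, jar, true))); // session survives
console.log(logoutBySid(browserIframeRequest(uri, jar, true), 'https://op.example'));
```

The fallback only helps an RP that can look sessions up by `sid`; an RP whose session state lives entirely in the cookie still depends on the browser sending and accepting that cookie inside the iframe.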