[Openid-specs-ab] Third-Party Cookies and Front Channel Logout

Prateek Mishra Prateek.Mishra at oracle.com
Mon Aug 29 20:09:09 UTC 2016


Agreed, Torsten, we would like to see a solution to the problem as well.

I believe that the “OpenID Session Management 1.0” specification suffers from the same problem, 
but I have personally not worked with this specification.

Mike - could we please add this issue to the next AB call agenda?

Thanks,
prateek

> On Aug 29, 2016, at 8:48 AM, torsten at lodderstedt.net wrote:
> 
> Hi Prateek,
> 
> we are facing the same problem. Describing it in the spec is definitely the minimum. Better would be to come up with a viable solution.
> 
> best regards,
> Torsten.
> 
> 
> -------- Original Message --------
> From: Prateek Mishra via Openid-specs-ab <openid-specs-ab at lists.openid.net>
> Sent: Friday, August 26, 2016 02:56 AM
> To: openid-specs-ab at lists.openid.net
> Subject: [Openid-specs-ab] Third-Party Cookies and Front Channel Logout
> 
> The OIDC Front Channel Logout draft specification uses HTTP GETs to RP URLs that clear login state.
> 
> http://openid.net/specs/openid-connect-frontchannel-1_0.html
> 
> This typically takes the form of an OP loading a page with <iframe src="frontchannel_logout_uri"> or <img src="frontchannel_logout_uri">.
> 
> However, modern browsers allow users to “block third party cookies” and this setting means that the logout at the RP will fail (unable to remove previously
> established RP cookie). Our implementation and test teams have found this to be a really confusing situation for end-users.
> 
> Have implementors had any success with alternatives or work-arounds? At a minimum we should capture this behavior in the draft specification.
> 
> Thanks,
> prateek
> 
> 
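
The failure described in the quoted message, modelled as an added example that is not part of the thread or of any implementation mentioned in it. The `Browser` class is a constructed, simplified cookie jar (it compares hosts rather than registrable sites), and `op.example`, `rp.example`, `rp_session` and the handler names are hypothetical.

```javascript
// Constructed model of a browser cookie jar; not a real browser API.
class Browser {
  constructor({ blockThirdPartyCookies }) {
    this.blockThirdPartyCookies = blockThirdPartyCookies;
    this.jar = new Map(); // host -> Map(cookie name -> value)
  }
  // topLevelHost: site in the address bar; targetHost: host being requested.
  request(topLevelHost, targetHost, handler) {
    const thirdParty = topLevelHost !== targetHost;
    const cookiesAllowed = !(thirdParty && this.blockThirdPartyCookies);
    const stored = this.jar.get(targetHost) || new Map();
    // A blocked third-party request carries no Cookie header...
    const sent = cookiesAllowed ? Object.fromEntries(stored) : {};
    const response = handler(sent);
    // ...and Set-Cookie on its response is discarded.
    if (cookiesAllowed) {
      for (const [name, value] of Object.entries(response.setCookie || {})) {
        if (value === null) stored.delete(name); else stored.set(name, value);
      }
      this.jar.set(targetHost, stored);
    }
    return response;
  }
  cookie(host, name) {
    return (this.jar.get(host) || new Map()).get(name);
  }
}

// Hypothetical RP endpoints: login sets a session cookie, the
// frontchannel_logout_uri handler tries to clear it.
const rpLogin = () => ({ status: 200, setCookie: { rp_session: "s-123" } });
const rpFrontChannelLogout = (cookies) => ({
  status: 200,
  sawSession: "rp_session" in cookies,
  setCookie: { rp_session: null }, // null models an already-expired Set-Cookie
});

function simulateLogout(blockThirdPartyCookies) {
  const browser = new Browser({ blockThirdPartyCookies });
  browser.request("rp.example", "rp.example", rpLogin); // first-party login
  // The OP logout page embeds <iframe src="frontchannel_logout_uri">.
  const res = browser.request("op.example", "rp.example", rpFrontChannelLogout);
  return {
    status: res.status,
    rpSawSession: res.sawSession,
    cookieStillSet: browser.cookie("rp.example", "rp_session") !== undefined,
  };
}
```

In this model the RP answers 200 whether or not the cookie was cleared, so the status alone does not tell the two outcomes apart.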
