Thanks for the info. My reading of this is we should be able to continue using iframes for authentication as long as we keep our cookies as first party cookies by having our authentication server on the same domain as the website the user is using.
In the short term the cookies will continue to work even across domains as long as the authentication server is setting a same site lax cookie.
Thanks again for responding with that info.
My understanding is that depends on where the cookie is set, auth.acme.com could set a cookie on auth.acme.com in which case it would not be 1st party on app.acme.com but if it was set set it on the root domain acme.com then it would be accessible on all subdomains of acme.com including app.acme.com.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thanks for the info. My reading of this is we should be able to continue using iframes for authentication as long as we keep our cookies as first party cookies by having our authentication server on the same domain as the website the user is using.
In the short term the cookies will continue to work even across domains as long as the authentication server is setting a same site lax cookie.
Thanks again for responding with that info.
And "same domain" means the exact same domain, right?
Auth server on auth.acme.com and application on app.acme.com wouldn't work.
My understanding is that depends on where the cookie is set,
auth.acme.comcould set a cookie onauth.acme.comin which case it would not be 1st party onapp.acme.combut if it was set set it on the root domainacme.comthen it would be accessible on all subdomains ofacme.comincludingapp.acme.com.