Security considerations of single signon in context of XSS

When you think of it at first, it sounds like a great idea. All you have to do is set a global cookie for the main domain and perform authentication based on it. The user will be able to go from subdomain to subdomain and still remain authenticated.

Unfortunately there is a second side to this story: a cookie shared by every subdomain is exposed to an XSS on any one of them : )

Another cookie rejection pitfall - problems with null path and domain

There are another two pitfalls that are easy to stumble upon when it comes to cookies: path- and domain-related issues. Not setting a path on your persistent cookies can be frustrating. Read on for more details.
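The two teasers above describe the same mechanism from two sides: a session cookie scoped to the parent domain is what makes subdomain-to-subdomain single sign-on work, and the Domain and Path rules are also what decide which pages can read or misuse it. As an added example (not code from this blog), here is a small Node.js model of the RFC 6265 scoping rules, using constructed hostnames under example.com. It shows that a `Domain=example.com` cookie is readable by script on every subdomain, so one XSS on a minor subdomain exposes the SSO session, and that a cookie set without `Path` from `/auth/login` is never sent to `/`.

```javascript
// Added example for this page: a minimal model of RFC 6265 cookie scoping
// (Domain, default Path, HttpOnly). Hosts, paths and cookie values are
// constructed for the demo; this is not the blog author's code.

// RFC 6265 s5.1.3: does request host `host` domain-match cookie domain `domain`?
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  // host must end with ".domain" and must be a name, not an IPv4 literal
  return host.endsWith('.' + domain) && !/^\d+(\.\d+){3}$/.test(host);
}

// RFC 6265 s5.1.4: when Set-Cookie carries no Path, the default is the
// request path up to (not including) its rightmost '/'.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const cut = requestPath.lastIndexOf('/');
  return cut === 0 ? '/' : requestPath.slice(0, cut);
}

// RFC 6265 s5.1.4 path-match.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Store a cookie the way a user agent does for a Set-Cookie header received
// from setUrl. Only Domain, Path and HttpOnly are modelled.
function storeCookie(setCookieHeader, setUrl) {
  const u = new URL(setUrl);
  const [nameValue, ...attrs] = setCookieHeader.split(';').map(s => s.trim());
  const eq = nameValue.indexOf('=');
  const cookie = {
    name: nameValue.slice(0, eq),
    value: nameValue.slice(eq + 1),
    hostOnly: true,                 // no Domain attribute: exact host only
    domain: u.hostname,
    path: defaultPath(u.pathname),  // replaced if a Path attribute is present
    httpOnly: false,
  };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    const v = i < 0 ? '' : a.slice(i + 1);
    if (key === 'domain' && v) {
      cookie.domain = v.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;      // now shared with every subdomain
    } else if (key === 'path' && v.startsWith('/')) {
      cookie.path = v;
    } else if (key === 'httponly') {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// Would this stored cookie be attached to a request for reqUrl?
function cookieSentTo(cookie, reqUrl) {
  const u = new URL(reqUrl);
  const hostOk = cookie.hostOnly
    ? u.hostname === cookie.domain
    : domainMatches(u.hostname, cookie.domain);
  return hostOk && pathMatches(u.pathname, cookie.path);
}

// On which of these pages could injected script read the cookie via
// document.cookie? HttpOnly hides it from script everywhere; otherwise any
// page the cookie is sent to can read it and exfiltrate it.
function scriptReadableFrom(cookie, urls) {
  if (cookie.httpOnly) return [];
  return urls.filter(url => cookieSentTo(cookie, url));
}

// --- constructed demo -----------------------------------------------------
const SITES = [
  'https://accounts.example.com/',
  'https://blog.example.com/post/1',   // imagine this one has an XSS hole
  'https://example.com/',
  'https://example.org/',
];
const ssoCookie      = storeCookie('SID=abc; Domain=example.com; Path=/', 'https://accounts.example.com/login');
const hostOnlyCookie = storeCookie('SID=abc; Path=/', 'https://accounts.example.com/login');
const httpOnlyCookie = storeCookie('SID=abc; Domain=example.com; Path=/; HttpOnly', 'https://accounts.example.com/login');
const noPathCookie   = storeCookie('SID=abc', 'https://accounts.example.com/auth/login');

console.log('SSO cookie readable by script on:', scriptReadableFrom(ssoCookie, SITES));
console.log('host-only cookie readable by script on:', scriptReadableFrom(hostOnlyCookie, SITES));
console.log('HttpOnly SSO cookie readable by script on:', scriptReadableFrom(httpOnlyCookie, SITES));
console.log('cookie set without Path from /auth/login has path', noPathCookie.path,
  '; sent to / ?', cookieSentTo(noPathCookie, 'https://accounts.example.com/'));
```

Note what `HttpOnly` does and does not buy you: it stops the injected script from reading the cookie, but the browser still attaches it to requests the script makes from blog.example.com, so the XSS can act as the logged-in user even without stealing the token. Narrowing Domain (or keeping the session cookie host-only and exchanging tokens between subdomains) is what actually limits the blast radius.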

Why does Internet Explorer keep on ignoring my cookies?

There is one very nasty 'feature' of IE6 and IE7 that is very hard to debug and detect. It happened to me, so I'm sharing it here to help others. If your IE keeps on rejecting your cookies without any errors or messages, you might want to check this one out!


About the author

Artur Ejsmont

Hi, my name is Artur Ejsmont,
welcome to my blog. I am a passionate software engineer living in Sydney and working for Yahoo!

Web Scalability for Startup Engineers

If you are into technology, you can order my book Web Scalability for Startup Engineers on Amazon. I would love to hear your thoughts, so please feel free to drop me a line or leave a comment.
