Sunday, 13 March 2016

How Browser Cookies work in SharePoint

Overview:  SharePoint by default uses disk based persistence using a FedAuth Cookie.  In most enterprise clients there are multiple different application and authentication providers.  Cookies can be set for session persistence in multiple ways and as the application world is walking toward SSO is becoming even more prevalent for unexpected behavior to happen with cookies.

Thoughts:
  • Cookies that keep are responsible for authentication can be stored for the browser sessions eithe ron Disk or in session.
  • By default SharePoint uses disk based authentication for the users session using the FedAuth cookie.  Switching to session based persistence should not be undertaken without considerable forethought.
  • Watch out for IE's odd behavior relating to session whereby domain level permissions are passed down to sub-domains.


More Info:
http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-domains 
http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx
https://blogs.msdn.microsoft.com/ie/2009/05/06/session-cookies-sessionstorage-and-ie8-or-how-can-i-log-into-two-webmail-accounts-at-the-same-time/

0 comments:

Post a Comment