ETLJ – WindowsTechs.com

Is it possible to trick a user into logging in to a site, then stealing a non HttpOnly cookie that will be set after they log in?

Posted on April 11, 2024 by ETLJ

If a user has already logged in, and then the site sets a non HttpOnly cookie, then it seems possible to trick the user into doing something that would lead to the cookie being stolen.
If the cookie expires after one minute, it seems like … Continue reading Is it possible to trick a user into logging in to a site, then stealing a non HttpOnly cookie that will be set after they log in?→

OAuth2 OpenID Connect Third Party Initated Login with implicit flow

Posted on March 18, 2024 by ETLJ

I’m working within a spec that uses the OpenID Connect third party initiated login + implicit flow. I first have to register my application with the third party, providing them a login initiation url, redirect uri, target link uri. Then th… Continue reading OAuth2 OpenID Connect Third Party Initated Login with implicit flow→