Collaborate Disseminate
I have three domains but the same code base (Domain X, Domain Y, Domain Z) and
Accounts website A
If a user tries to sign in accounts from domain X, I wanted to SSO in the other two domains (Browser Scenario: third party cookies blocked)…. Continue reading Cookie set from a server to a client with different domain(via XHR), but not recognized by Client domain
I visited website B after visiting website A. Upon clicking the search bar on website B, a dropdown menu appeared containing the words I searched on website A. After clearing my browser history and cookies, the search bar on website B no l… Continue reading Can a website track your browsing history on other websites?
During a security assessment I noticed that Firefox automatically set the SameSite value of a session cookie to Lax. According to the Mozilla specs, this is the case for ‘modern browsers’.
The SameSite attribute set to Lax seems to protect… Continue reading Do I still need CSRF protection when SameSite is set to Lax?
For most of them may be its a silly question but I want it to know this in very simple language.
If an application is not using CORS at all then should we put this SameSite cookie attribute?
and if Application has subdomain like abc.doma… Continue reading What is the connection between CORS and SameSite cookie attribute?
I must say, that I like this idea and it seems that it will bring a new form of protection against CSRF and XSS or at least it will reduce those attacks.
So, how effective will this protection be?
SameSite-cookies is a mechanism for d… Continue reading Will same-site cookies be sufficient protection against CSRF and XSS?