Sunday 13 March 2016

How Browser Cookies work in SharePoint

Overview: SharePoint by default uses disk-based persistence with a FedAuth cookie. Most enterprise clients have multiple applications and authentication providers. Cookies can be set for session persistence in multiple ways, and as the application world moves toward SSO, unexpected cookie behaviour is becoming even more prevalent.

Thoughts:
  • Cookies that are responsible for authentication can be stored for the browser session either on disk or in session.
  • By default, SharePoint uses disk-based authentication for the user's session using the FedAuth cookie.  Switching to session based persistence should not be undertaken without considerable forethought.
  • Watch out for IE's odd behaviour relating to sessions, whereby domain-level permissions are passed down to sub-domains.
Chrome Developer Tools makes it easy to monitor cookies on sites: F12 > Application > Cookies > Choose the site to see the cookies.
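
The same check can be scripted against response headers. The sketch below is an added example, not code from the original post: it classifies a Set-Cookie header as disk or session storage and reports its domain scope. The header values, the `SsoTicket` cookie, the host names and the evaluation time are constructed for illustration.

```javascript
// Constructed sample headers (values are placeholders, not real tokens).
const SAMPLES = [
  'FedAuth=SAMPLE; expires=Tue, 15 Mar 2016 10:00:00 GMT; path=/; secure; HttpOnly',
  'FedAuth=SAMPLE; path=/; secure; HttpOnly',
  'SsoTicket=SAMPLE; Domain=.example.com; Path=/; Max-Age=3600',
];
// Constructed evaluation time so the sample output is stable.
const NOW = Date.parse('2016-03-13T00:00:00Z');

// Split one Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attrs };
}

// Max-Age wins over Expires; with neither, the cookie lives only in memory.
function storageOf(attrs, now) {
  const maxAge = parseInt(attrs['max-age'], 10);
  if (!Number.isNaN(maxAge)) return maxAge > 0 ? 'disk' : 'deleted';
  const expires = Date.parse(attrs.expires);
  if (!Number.isNaN(expires)) return expires > now ? 'disk' : 'deleted';
  return 'session';
}

// Report where the browser keeps the cookie and which hosts receive it.
function classify(header, requestHost, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const domain = typeof attrs.domain === 'string'
    ? attrs.domain.replace(/^\./, '').toLowerCase() : null;
  return {
    name,
    storage: storageOf(attrs, now),
    // No Domain attribute means host-only under RFC 6265.
    scope: domain ? `${domain} + subdomains` : `${requestHost} only`,
    secure: attrs.secure === true,
    httpOnly: attrs.httponly === true,
  };
}

for (const h of SAMPLES) console.log(classify(h, 'portal.example.com', NOW));
```

The `scope` value reflects RFC 6265 matching; the IE behaviour noted above means a cookie reported as host-only may still reach sub-domains in that browser.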


More Info:
http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-domains 
http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx
https://blogs.msdn.microsoft.com/ie/2009/05/06/session-cookies-sessionstorage-and-ie8-or-how-can-i-log-into-two-webmail-accounts-at-the-same-time/
