How to confirm client-storage-read view is rendered (for SameSite)

Cantor, Scott cantor.2 at osu.edu
Thu Feb 27 17:41:43 EST 2020


On 2/27/20, 2:42 PM, "users on behalf of Dan Malone" <users-bounces at shibboleth.net on behalf of dmalone at calpoly.edu> wrote:

> Following conclusions on the SameSite testing wiki:

That is not the "for deployers" page, for the record, which is why it's impossible to follow for most people. The digestible conclusions are under SameSite in the Productionalization sections.

> Should we expect to see a second request here as the client-storage-read view is rendered?

Yes.

> 2. Logs - Is there anywhere in the logs that would indicate the client-storage-read view was rendered?

Yes, and you can turn off JavaScript and see it definitively.

> 3. Local Storage - Even though we are using server side session storage, will enabling local storage cause the IDP to store
> anything client side?

No, but enabling it just to avoid a few extra logins doesn't really make a lot of sense to me. Once V4 is out, you might as well just enable the SameSite filter instead.
 
-- Scott



