Timeline for Can I use a session cookie for API authentication?
Current License: CC BY-SA 4.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 24, 2022 at 11:55 | comment | added | amon | @DamienMonni Note that SameSite affects behaviour of sub-requests (e.g. if your site is included in a frame, or fetch() requests). It does not provide a way to implement third-party cookies. See developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/… . Using the Authorization header would give you more control than relying on cookies. | |
| Dec 22, 2022 at 17:57 | comment | added | Ewan | If you don't know for sure, you shouldnt be writing it | |
| Dec 22, 2022 at 14:52 | comment | added | Damien Monni | Thanks. So setting the SameSite=None attribute on the session cookie isn't an issue? | |
| Dec 22, 2022 at 14:39 | history | answered | Ewan | CC BY-SA 4.0 |