If they’re testing on localhost, it could be (I’m assuming Chrome) defaulting to lax if the SameSite attribute is not specified. See this Chrome feature which started rolling out from July 2020. So it could be Chrome just reporting that default.
When SameSite was implemented in this SDK, we decided at the time to specify none when running on HTTPS, and not specify anything at all (inherit browser defaults) when not running on HTTPS.
For example, ‘domain name A’ and ‘domain name B’ use the same Auth0 application. What will be passed in the Set-Cookie?
For example: a token? Or what information? We need to evaluate whether the information leakage will cause harm to our customers.
You can see the contents of that cookie by inspecting the application. It contains a boolean value to indicate if the application should perform a silent auth request (just a request, not a form of authentication).