Protection against cookie theft?

patricia.krupa · August 22, 2018, 2:07pm

Hello,

i have a question about security related to cookie theft… We are evaluating Auth0 and its SSO functionality and i have done a simple test by importing cookies from one browser into another and was disappointed that it was instantly logged in. We are using the Implicit Grant flow with Silenth Authentication for SSO. Have i missed something or can someone provide some additional informations how to best implement protections against that case ? Any way to do it with the hooks ?

Thanks alot!

konrad.sopala · August 19, 2019, 8:45am

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?

Topic		Replies	Views
Privilege Escalation Attack on Auth0 Help auth0	3	3047	June 25, 2019
Disable SSO Session/Cookie entirely Help auth0 , sso , session , cookie	5	10532	August 27, 2019
Passwordless Implementation Details Help auth0 , passwordless , passwordless-email	3	2273	February 10, 2022
Disable auth0 SSO for one application Help	2	3734	September 4, 2019
Remove all SSO cookies when using SAML Help auth0 , sso	5	4080	April 10, 2019

Protection against cookie theft?

Related topics