If you wish to make your app download an updated list periodically, please use this URL and have your app download the list no more than once per day. (The list usually changes a few times per week; more frequent downloading is pointless and hammers our servers.)
The public suffix approach resolves this issue but does not resolve the related issue where a registrable domain has multiple FusionAuth deployments hosted on different subdomains or multiple domains that point to the same FusionAuth deployments.
I agree that it doesn't fix the related issue. But the related issue feels more like an enhancement, so I'd advocate solving it in a backwards compatible manner.
I also think we could take a subset of the public suffix list. We don't need to work with every one. We could take all the ICANN domains, or even just all the domains that have a two letter root domain (like the .ac and .uk ones).
I'd advocate for solving this bug in the right way, and solving #2479 via configuration in a backwards compatible way.
What happened?
Problem
FusionAuth's hosted backend API creates cookies on the broadest domain that is not a top-level domain. This causes issues for second-level domains such as .co.uk as the cookies are defined too broadly.
Solution
Account for the list of public suffixes when deciding the domain for the cookie.
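An added example (not FusionAuth's code) contrasting the broadest-non-TLD rule this issue describes with a public-suffix-aware choice; it uses a constructed excerpt in the Public Suffix List file format and hypothetical function names, and skips the list's wildcard and exception rules for brevity.

```python
from typing import Optional

# Constructed excerpt in the PSL file format (https://publicsuffix.org); the
# real list is far longer. Comments start with "//", one rule per line.
PSL_EXCERPT = """\
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
org.uk
au
com.au
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
github.io
// ===END PRIVATE DOMAINS===
"""

def parse_psl(text: str, icann_only: bool = False) -> set:
    """Collect plain rules from PSL text; icann_only keeps just the ICANN section.
    Wildcard ('*.') and exception ('!') rules exist in the real list; this
    example skips them, so it is not a full PSL implementation."""
    rules, in_icann = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("//"):
            if "BEGIN ICANN" in line:
                in_icann = True
            elif "END ICANN" in line:
                in_icann = False
            continue
        if not line or line.startswith(("*", "!")) or (icann_only and not in_icann):
            continue
        rules.add(line.lower())
    return rules

def naive_cookie_domain(host: str) -> str:
    """The behaviour the issue reports: the broadest domain that is not a bare
    TLD, i.e. the last two labels. For auth.example.co.uk this yields co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def cookie_domain(host: str, rules: set) -> Optional[str]:
    """Public-suffix-aware choice: public suffix plus one label (the registrable
    domain). Returns None when the host is itself a public suffix, so no
    shared cookie domain exists for it at all."""
    labels = host.lower().rstrip(".").split(".")
    suffix_labels = 1  # no rule matched: the last label is the suffix
    for i in range(len(labels)):  # longest matching rule wins
        if ".".join(labels[i:]) in rules:
            suffix_labels = len(labels) - i
            break
    if len(labels) <= suffix_labels:
        return None
    return ".".join(labels[-(suffix_labels + 1):])
```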
Related
Version
1.49.1
Affects Versions
>= 1.45.0