You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm curious why the cookie's key is somewhat stateful/dynamic..?
The problem I'm seeing is when the user refreshes, it creates new nonce & cv cookies, leaving the old ones orphaned. This could eventually cause the request header to grow too big.
Do you see any issue with changing this cookie key to something constant like OpenIdConnect.cv.foo?
The text was updated successfully, but these errors were encountered:
Hi Scott, firstly thanks for this awesome post on Legacy ASP.NET & PKCE!
In that article you mention:
// remember code verifier in cookie (adapted from OWIN nonce cookie)https://github.com/scottbrady91/Blog-Example-Classes/blob/7f30cee656ddb1b6cd68483a5447dcf10f2d1afc/AspNetFrameworkPkce/ScottBrady91.BlogExampleCode.AspNetPkce/Startup.cs#L129
I'm curious why the cookie's key is somewhat stateful/dynamic..?
The problem I'm seeing is when the user refreshes, it creates new
nonce&cvcookies, leaving the old ones orphaned. This could eventually cause the request header to grow too big.Do you see any issue with changing this cookie key to something constant like
OpenIdConnect.cv.foo?The text was updated successfully, but these errors were encountered: