Can someone explain the purpose of the cookies that are sent to the user's browser after successfully logging in to Identity Server4. Also I have three smaller related questions below.
The client uses cookie middleware in the ASP.NET core defined in the Startup.cs file .
app.UseCookieAuthentication()
Itβs clear which Identity Server tokens are created and which cookies create the ASP.NET Core middleware, but I'm not sure what content each cookie contains.
ASP.NET Core middleware decided to create cookie pieces, probably due to the size of the cookie (4050B + 865B).
I am trying to find a way to decrypt cookies to read values ββusing the data protection API provided by ASP.NET Core with no luck.
- idsvr
- idsvr.session
- .AspNetCore.coookie
- .AspNetCore.coookieC1
- .AspNetCore.coookieC2
- .AspNetCore.Antiforgery.
- Which cookie contains id_token, access_token issued by Identity Server?
- Can a CookieName be used to change the name of a cookie created by ASP.NET Core middleware if different clients use the same cookie name or do they need separate session cookies?
- Can I decrypt Identity Server cookies using the data protection API ?
source
share