The Cloudflare _cfuid cookie

Charles Severance

unread,

May 12, 2021, 10:20:15 AM5/12/21

to Tsugi Developers

Hi all,

You might see a few more “Session Not Found” errors in your servers going forward if your servers live behind CloudFlare (like most of my servers do).

The issue is that CloudFlare is removing support for one of its CloudFlare specific cookies.

https://blog.cloudflare.com/deprecating-cfduid-cookie/

This cookie was useful as it was a random number assigned to a particular browser. Tsugi used this key when it was present to help construct a robust browser signature that Tsugi uses to detect session hijacking and to implement the OIDC login flow for LTI Advantage.

Your code won’t break when the cookie disappears - Tsugi just won’t see it and won’t use it. Tsugi does not *depend* on this cookie - it just uses it if it is there to improve browser fingerprinting.

Since the cookie is gone and won't’ come back - I will be removing the code that uses it - just because the less code the better - but there is no rush.

Hope all is well.

/Chuck

Message has been deleted

Charles Severance

unread,

May 28, 2021, 8:08:24 AM5/28/21

to Krissh Goel, Tsugi Developers

Are you starting to use Tsugi?

/Chuck

On May 28, 2021, at 3:46 AM, Krissh Goel <krissh0...@gmail.com> wrote:

Hi,
This is Krissh.
I am actually a beginner so I need some personal attention.

Thanks and Regards,
Krissh Goel

Reply all

Reply to author

Forward