Problem with cookies

Skip to first unread message

Joshua Halpern

Aug 13, 2020, 9:54:38 PM8/13/20
to dev

LibreTexts has set up a system where a link to Hypothesis can be inserted into every page with a box at the bottom of the page. For example

If you login you get the nastygram
"Sorry, but your session has expired. Please go back and try again. " 

However it is possible to login from another link on the page. Our webmaster thinks that it is something about a cookie you are passing.

Josh Halpern

Robert Knight

Aug 18, 2020, 10:21:40 AM8/18/20
to dev, Joshua Halpern

I believe this is caused by the way that configures cookies with the `SameSite` attribute set to `Lax` - which is the recommended default for this attribute. See As a result, `POST` requests made from iframes in a third-party website will not include cookies, such as the Login request.

The Hypothesis client avoids this issue by making login happen in a popup, but we haven't done that for yet because that page is not currently designed to be embedded. For the moment you will need to create an external link which opens in a top-level tab, unless you are OK with the user being anonymous.

Kind Regards,

Reply all
Reply to author
0 new messages