Thursday, June 21, 2018

Cookie lifetime in Chrome

While documenting our security and privacy policies for GDPR, I got a question about the Windows Identity Foundation cookies created after logging into ADFS.

When looking in the Chrome Developer tools, we noticed that the Expires/Max-Age setting was set to 1969-12-31…:


We were wondering why this strange date? When I opened the same site in Edge, I saw the following in the Edge Developer Tools:


The cookie lifetime is set to Session, which makes more sense. Probably the Chrome Developer Tools are showing a minimum date when the cookie lifetime is linked to the session.

Kind of confusing…

No comments: