The authentication cookie | PhenixID PAS 5.1.4

To keep track of sessions, PAS uses a session cookie. This is bound to the first part of the path, meaning /authentication has one session cookie, and e.g. /myapps has another. A session cookie can generally be removed by calling the endpoint /somepath/authenticate/logout/ where somepath is the path the cookie is bound to, for example /authentication or myapps.

Setting a specific domain

You may set a specific domain for your authentication cookie so that the cookie is valid for any subdomains you might want to use. This can be particularly useful when using mutual TLS only at a specific subdomain. To make your cookie valid for a specific domain you need to configure DOMAIN_CONFIGURATIONS:

{
    "domainName": "my.domain.com",
    "enforceCookieDomain": "true",
    "includeSubdomains": "true"
}

If the domain is set this way, the cookie may still be used by a subdomain e.g. mtls.my.domain.com.

Table of Contents

Setting a specific domain

Tags