Unverified commit ee19d752, authored by ranbel, committed by GitHub

[ZT] Binding cookie limitations (#10493)

* pcx-8123

* edit wording
parent 77b91506
......@@ -72,16 +72,19 @@ The HttpOnly flag is a cookie attribute that prevents the cookie from being acce
Do not enable HttpOnly if:
- You are using the Access application for non-browser based tools.
- You are using the Access application for non-browser based tools (such as SSH or RDP).
- You have software that relies on being able to access a user’s cookie generated by Access.
### Binding Cookie
The Binding Cookie is an additional cookie created when a user successfully authenticates, shared with Cloudflare to verify identity, and then stripped before it reaches the origin server. The Binding Cookie associates the browser with the Access token; the association protects against compromised authorization tokens because the origin webapp would never see this binding cookie. This protects against session hijack style attacks.
#### When not to use the Binding Cookie
#### When not to use Binding Cookie
Do not use the Binding Cookie for non-browser based Access applications that rely on protocols like SSH, RDP, etc.
Do not enable Binding Cookie if:
- You are using the Access application for non-browser based tools (such as SSH or RDP).
- You have enabled [Automatic Signed Exchanges](/speed/optimization/other/signed-exchanges/enable-signed-exchange/), [Automatic Platform Optimization](/automatic-platform-optimization) or [Zaraz](/zaraz) on the application domain.
### Cookie Path Attribute
......
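Review bot: The new list under "When not to use Binding Cookie" says not to enable it alongside Automatic Signed Exchanges, Automatic Platform Optimization or Zaraz, but gives no reason, so a reader cannot tell what breaks or whether the restriction applies to their setup; add a sentence stating the failure mode for these features. The renamed heading and the lead-in "Do not enable Binding Cookie if:" also drop the article, while the unchanged paragraph above still says "The Binding Cookie", so pick one form and use it throughout. The `/automatic-platform-optimization` and `/zaraz` links lack the trailing slash used by the Signed Exchanges link in the same bullet.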