Shibboleth Developers

["Scott Cantor" <>]

Chad La Joie wrote on 2009-12-07:
> Well, I'm guessing that it may not be treated as a third party site.
> The JS is fetched from the WAYF and the calls from the JS go to the
> WAYF.  So the browser *may* be seeing that is a single site.  Lukas
> probably knows better though.

I suspect it is (and I'm working on a test case), but by the same logic so
should a frame inside a page. I'm not talking about a frame trying to do
anything with the frameset or another frame, simply a frame that wants to
access its own cookies.

By definition, if we're saying that we can loophole the cookie limitations
in frames using Javascript, then any of the client justifications for
blocking the cookies with the frame would apply to Javascript.
 
-- Scott