Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Possible to disable Identity cookies when using JWT tokens?
See original GitHub issueIs it currently possible with .net core 2.1 to disable cookies completely?
I have JWT setup but noticed the calls to /connect/token and subsequent controllers all still return Identity cookies named .AspNetCore.Identity.Application. I’d love to be able to turn these off completely, haven’t come across a way to do it yet.
Issue Analytics
- State:
- Created 5 years ago
- Comments:31 (14 by maintainers)
Top Results From Across the Web
[.NET Core] Why does Identity always creates cookies even ...
This is what my problem is. I want to make it so that cookies won't be created and .NET Core will use JWT...
Read more >Asp.Net WebApi Core 2.0 Identity With JWTBearer Without ...
My problem is that when I call signInManager.PasswordSignInAsync it include cookie with authentication token to response. But i Would like only ...
Read more >JWT authentication: Best practices and when to use it
A guide for using JWT authentication to prevent basic security issues. ... JWT token; How to securely store JWTs in a cookie; Using...
Read more >Stop using JSON Web Tokens. Use Cookies & Server ...
It is true that jwt has a few drawbacks, but the recommendation to utilize an HTTP session cookie and to keep the session...
Read more >JWT in Cookies — flask-jwt-extended 3.25.1 documentation
This token is saved in a cookie with httponly set to True, so it cannot be accessed via javascript. We will then create...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
So you’ve added an overload to support a scenario you don’t recommend and that only works by accident? Okay…
Thanks for the info.
There’s no doubt that people keep trying to do this, which is why we added the AddIdentityCore overload, but SignInManager is still designed to work with cookies in general, only some of the methods work (and by accident as opposed by intent). Hence there won’t be official documentation support for identity + JWT in general since only some thing work right now…