Chapter 6. Authentication and sessions

This chapter covers

  • Introduction to third-party cookies
  • Authenticating and persisting sessions from your third-party application
  • Workarounds when third-party cookies are disabled
  • Techniques for defending against session hijacking

Up until this point, we’ve been implementing user-agnostic applications. No matter who’s loaded your third-party script, they all experience the same version of the application. But what if, instead, your application could identify users who are currently (or previously) signed in to your service? Leveraging any data you might have about that user, you might be able to deliver them a customized and improved experience.

You’ve probably seen this behavior in third-party applications ...
