I am trying to detect a login for a user from a browser that is new to them.
It could be a new PC, a new browser, etc. I'm doing this to attempt to notify them of a possible security problem. You know, someone else logging in on a computer they don't recognize.
My plan was to add a GUID to a cookie and, at login, retrieve that cookie and see if that user has logged in with that cookie present before. I am not storing any auth information, just a unique device id.
Here's my setup:
Now processing the login...
And here are the screenshots from Chrome.
Here, I am logged in and the cookie is there:
I log out and the same cookie value is still there, so far so good.
But I put a breakpoint in my code so I could see the state of the browser after returning from B2C and redirecting back to my site. And the cookie is gone, which causes my site to think it's a login from a new device.
I can see that the domains are different, and I understand cookies are particular to a domain, but I don't know where it went.
Is there any chance that this is related to localhost? I'm pretty sure I'll be using cookies for other things and I don't understand what's happening.
Thanks in advance.
#noobalert
Relevant stuff:
- ASP.NET Core 2.1
- Chrome
- Windows 10
- Azure B2C
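
A sketch of the device-id cookie check described in the question, as an added example that is not the poster's code. The `DeviceRecognizer` class, the `device_id` cookie name and the in-memory store are assumptions made for illustration, and the site is assumed to be served over HTTPS.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Http;

// Hypothetical helper: none of these names come from the original post.
public class DeviceRecognizer
{
    private const string CookieName = "device_id"; // assumed cookie name
    // Constructed in-memory store (user id -> hashed device ids); use a database in practice.
    private readonly ConcurrentDictionary<string, ConcurrentDictionary<string, DateTimeOffset>> _seen =
        new ConcurrentDictionary<string, ConcurrentDictionary<string, DateTimeOffset>>();

    // Call once the user is authenticated. Returns true when this browser is new for that user.
    public bool IsNewDevice(HttpContext context, string userId)
    {
        // Treat a missing or malformed cookie as an unknown browser and mint a fresh id.
        if (!context.Request.Cookies.TryGetValue(CookieName, out string deviceId) || !IsWellFormed(deviceId))
            deviceId = NewDeviceId();
        // Re-issue on every login so the expiry slides forward.
        context.Response.Cookies.Append(CookieName, deviceId, new CookieOptions
        {
            HttpOnly = true,               // the id is never needed by page scripts
            Secure = true,                 // assumes HTTPS, including on the development host
            SameSite = SameSiteMode.Lax,   // sent on top-level GET navigations from other sites, not on cross-site POSTs
            Expires = DateTimeOffset.UtcNow.AddYears(1)
        });
        var devices = _seen.GetOrAdd(userId, _ => new ConcurrentDictionary<string, DateTimeOffset>());
        string key = Hash(deviceId);       // store only a hash so a leaked table cannot be replayed as cookies
        bool isNew = devices.TryAdd(key, DateTimeOffset.UtcNow);
        if (!isNew) devices[key] = DateTimeOffset.UtcNow; // record last-seen time for known devices
        return isNew;
    }

    private static string NewDeviceId()
    {
        var bytes = new byte[16];          // 128 random bits, rendered as 32 hex characters
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "");
    }

    private static bool IsWellFormed(string id) => id.Length == 32 && id.All(Uri.IsHexDigit);

    private static string Hash(string id)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(id))).Replace("-", "");
    }
}
```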