Forum Discussion
Good comparison is domain cookie (domain in cookie response v16) vs host cookie (full host name in v15.1 no domain specified)
https://medium.com/datamindedbe/a-summary-of-cookies-645beed9fd9
Host-only cookies match domains that exactly correspond with the domain attribute of the cookie. When setting cookies server-side, host-only is the default in the sense that cookies are host-only unless you specify a cookie’s Domain-attribute; the domain of such cookies is derived from the Host request header. (typically the behavior in vesrion 15.1 and not in 16)
- MarvinNov 17, 2021Cirrocumulus
it seems that if the access profile was configured with the domain value in SSO and later removed it will still be working on domain level (*.example.com), to solve this remove the access profile and recreate it then by default it is host cookie (weird but truth)