Set SameSite to None when expiring Outlook Web cookies to fix single logout.

 Jul 17 2023

The current implementation of the logout process for Outlook Web neglects to set the SameSite option to None when expiring Outlook’s cookies during a single logout, which results in an implicit value of Lax. When operating behind Azure AD, this means that the iframe’d logout requests will fail to log out Outlook Web in Chrome and Edge. This feature request is to simply, explicitly set SameSite to None, which should fix the issue in Chrome and Edge.
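The check below is an added example, not part of the original post and not Outlook Web's code: it audits the `Set-Cookie` headers of a logout response and reports which expiring cookies Chrome or Edge would actually clear when that response is loaded in a cross-site iframe. The cookie names and header values are constructed, and the function names are hypothetical.

```javascript
// Added example: audit the Set-Cookie headers of a logout response that is
// loaded in a cross-site iframe. All header values below are constructed samples.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1); // flag attributes become true
  }
  return cookie;
}

// A header expires a cookie when Max-Age <= 0 or Expires lies in the past.
function isExpiry(cookie, now = Date.now()) {
  const { "max-age": maxAge, expires } = cookie.attrs;
  if (maxAge !== undefined) return Number(maxAge) <= 0; // Max-Age takes precedence
  return expires !== undefined && Date.parse(expires) <= now;
}

// Chrome and Edge treat a missing SameSite as Lax, and only accept a Set-Cookie
// from a cross-site iframe response when it is SameSite=None together with Secure.
function appliedInCrossSiteIframe(cookie) {
  const sameSite = String(cookie.attrs.samesite ?? "Lax").toLowerCase();
  return sameSite === "none" && cookie.attrs.secure === true;
}

function auditLogoutCookies(headers, now = Date.now()) {
  return headers.map(parseSetCookie).filter((c) => isExpiry(c, now)).map((c) => ({
    name: c.name,
    sameSite: c.attrs.samesite ?? "Lax (implicit)",
    cleared: appliedInCrossSiteIframe(c), // false: the session cookie survives logout
  }));
}

// Constructed logout response headers (hypothetical cookie names).
const sampleHeaders = [
  "SessionA=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Secure; HttpOnly",
  "SessionB=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=None",
  "SessionC=; Max-Age=0; Path=/; SameSite=None",
  "Lang=en; Max-Age=3600; Path=/",
];

console.log(auditLogoutCookies(sampleHeaders));
```

Any entry reported with `cleared: false` is a cookie that remains in the browser after the iframe'd single logout request completes.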