1.3 KiB
Cookie
Single Sign-On (SSO) mode is utilized for authorization and authentication across the beOS Pro, including all installed apps. SSO authentication is non-intrusive, using cookies as the authentication credential.
The system will set two cookies after login
-
authelia_session
The content of the cookie is the session id of SSO. The scope is the user's beOS Pro domain,
<username>.beos.local -
auth_token
The user authenticated authorization token. The scope is the user's beOS Pro domain,
<username>.beos.local
To prevent cookie conflicts, no application (whether it's a built-in system app or a third-party app) can set cookies to the user's domain. Cookies can only be set to the domain of the app.
Every application in beOS Pro operates under two domains: <app id>.<username>.beos.local and <app id>.local.<username>.beos.local. As a result, beOS Pro incorporates a cookie-setting rewrite mechanism within the beOS Pro Application Runtime. This ensures that the application automatically assigns cookies for both domains in the Set-Cookie field of the HTTP response.
To use this feature, you just need to define it in the application chart's beOS ProManifest.yaml
options:
resetCookie:
enabled: true