Document toolboxDocument toolbox

Session cookies

AUTH and SIGN operations

For AUTH and SIGN in 2.0, and AUTH in 2.1, the withCredentials  must be set to true in initSession().

SIGN operation in the 2.1 Web-client

The 2.1 Web-client is part of a modified architecture where a new component, called Client Proxy, is introduced. The introduction of this proxy, between the Web-client and the merchant's server, necessitates that any session cookie must be explicitly communicated to the client so that it in turn may communicate this cookie to the proxy. Making use of the session cookie, the proxy is then able to communicate with the merchant's server on behalf of the client.

Merchants must ensure to undertake the following steps to make session cookies available for the Client Proxy:

When initializing the Web-client with the bankidhelper.init() method, a new parameter called sessionCookie must be set. The parameter can either contain:

  1. Both the session cookie's name and value.
  2. Just the session cookie's name – in which case the bankidhelper will retrieve the value from the cookie. Please note that this option is not available if the cookie is set with the HttpOnly flag.

Note that the use of session cookies is optional in the context of the BankID Web-client. The steps described above is only needed if the merchant is already making use of session cookies.