1.Previous
3.Next

Due to how single sign-on works, by sending a request to the logged-in website to get a SSO token and sending a request with the token to the logged-out website, the token cannot be protected with the HttpOnly cookie flag and thus can be stolen by an attacker if there is an XSS vulnerability on the logged-out website, in order to do session hijacking. Another security issue is that if the session used for SSO is stolen (which can be protected with the HttpOnly cookie

1.Previous
3.Next