{"id":5733,"date":"2020-02-08T08:30:57","date_gmt":"2020-02-08T12:30:57","guid":{"rendered":"https:\/\/www.dr-chuck.com\/csev-blog\/?p=5733"},"modified":"2020-02-08T19:25:22","modified_gmt":"2020-02-08T23:25:22","slug":"chrome-80s-change-to-cookie-policy-will-break-lots-of-lti-tools-but-not-tsugi-tools","status":"publish","type":"post","link":"https:\/\/www.dr-chuck.com\/csev-blog\/2020\/02\/chrome-80s-change-to-cookie-policy-will-break-lots-of-lti-tools-but-not-tsugi-tools\/","title":{"rendered":"Chrome 80&#8217;s change to cookie policy will break lots of LTI tools &#8211; but not Tsugi tools"},"content":{"rendered":"<div>\n<p>This is the latest news from IMS about the changes to Chrome that will likely cause a lot of LTI providers to break.<\/p>\n<div><a href=\"https:\/\/www.imsglobal.org\/samesite-cookie-issues-lti-tool-providers\">https:\/\/www.imsglobal.org\/samesite-cookie-issues-lti-tool-providers<\/a><\/div>\n<\/div>\n<div><\/div>\n<div>The good news is that Tsugi tools do not use cookies *at all* to maintain their session. \u00a0This design choice makes it more difficult to develop Tsugi apps but has several advantages:<\/div>\n<div><\/div>\n<div><\/div>\n<ul>\n<li>Tsugi apps can function within multiple iframes simultaneously on the same page<\/li>\n<li>Tsugi apps can be logged on different accounts across multiple tabs<\/li>\n<li>Tsugi apps should be unaffected as Chrome and the rest of the browser market tightens down the use of cookies<\/li>\n<\/ul>\n<div>This works for both PHP and Python \/ Python Tsugi tools.<\/div>\n<div><\/div>\n<div>It was not easy &#8211; I when PHP 7.0 came out &#8211; they broke the feature so I filed and got fixed some arcane PHP bugs. In the Django world there was a cookiless session module that was 1.x only so I helped get that upgraded and am contributing improvements to the product so that the cookieless code in Django is actually superior to the PHP code for cookiless sessions.<\/div>\n<div><\/div>\n<div>The mistake that 99% of the LTI developers make is that they assume LTI a Single-Sign-On &#8211; which is absolutely not true &#8211; leading to some really poorly designed cookie-based LTI integrations\u00a0 that Chrome is about to punish.<\/div>\n<div><\/div>\n<div>This is why using a framework for LTI applications is so important.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This is the latest news from IMS about the changes to Chrome that will likely cause a lot of LTI providers to break. https:\/\/www.imsglobal.org\/samesite-cookie-issues-lti-tool-providers The good news is that Tsugi tools do not use cookies *at all* to maintain their session. \u00a0This design choice makes it more difficult to develop Tsugi apps but has several [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5733","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/comments?post=5733"}],"version-history":[{"count":4,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5733\/revisions"}],"predecessor-version":[{"id":5737,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/5733\/revisions\/5737"}],"wp:attachment":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/media?parent=5733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/categories?post=5733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/tags?post=5733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}