LTI and Cookies

Background

Both Talis Aspire and your university authentication system use cookies set in your user's browser to keep track of the user session so that code running in the browser knows that the user has successfully authenticated themselves.

Talis Aspire uses devolved authentication provided by your university in order to identify unique users so that the personalisation features of reading lists can be correctly attributed to the right user profile.

Talis Aspire does not use user information directly passed via LTI as the user identifiers will not match the identifiers you would see from the university authentication system, and so we would be unable to match a user to their profile.

Google Chrome and SameSite Cookies

Google Chrome version 80 is changing its security model around Cookies and this will be released to end users on the 4th of February in a Google Chrome update. We expect other browsers to also follow with a similar change in due course.

Talis are already putting in place the changes required to keep login to Talis Aspire working as normal for all of your users.

The chrome announcement page provides useful information, for those with a technical interest in the SameSite cookie security changes.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.