Cookie definitions for Azure AD B2C

The following sections provide information about the cookies used in Azure Active Directory B2C (Azure AD B2C).

SameSite

The Azure AD B2C service is compatible with SameSite browser configurations, including support for SameSite=None with the Secure attribute.

To safeguard access to sites, web browsers are introducing a secure-by-default model that assumes all cookies should be protected from external access unless otherwise specified. The Chrome browser is the first to implement this change, starting with Chrome 80 in February 2020.

Developers must use the new cookie setting, SameSite=None, to designate cookies for cross-site access. When the SameSite=None attribute is present, the Secure attribute must also be set so that cross-site cookies are only sent over HTTPS connections. Validate and test all your applications, including those that use Azure AD B2C.
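A small audit of Set-Cookie headers, added here as an example (not code from the Azure AD B2C documentation), that applies the rule just described: a cookie meant for cross-site use needs SameSite=None together with Secure, and a cookie without Secure or without any SameSite attribute will not work cross-site under the Chrome 80 rules. The sample headers and cookie names are constructed placeholders for an application's own cookies.

```python
"""Audit Set-Cookie headers against the SameSite=None + Secure rule (added example)."""
from typing import List, Optional, Tuple


def parse_set_cookie(header: str) -> Tuple[str, Optional[str], bool]:
    """Return (name, normalised SameSite value or None, Secure present)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    samesite, secure = None, False
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite" and value.strip():
            samesite = value.strip().lower()
        elif key == "secure":
            secure = True
    return name, samesite, secure


def audit_cookie(header: str) -> List[str]:
    """Flag the two failure modes that break cross-site use under the Chrome 80 rules."""
    _, samesite, secure = parse_set_cookie(header)
    problems = []
    if samesite == "none" and not secure:
        problems.append("SameSite=None without Secure: rejected by browsers enforcing the Chrome 80 rules")
    elif samesite is None:
        problems.append("no SameSite attribute: treated as Lax, withheld on cross-site requests")
    return problems


def audit_headers(headers: List[str]) -> dict:
    """Map cookie name -> problems for every header that has at least one."""
    report = {}
    for h in headers:
        problems = audit_cookie(h)
        if problems:
            report[parse_set_cookie(h)[0]] = problems
    return report


# Constructed sample headers (hypothetical application cookies, not Azure AD B2C output).
SAMPLE_HEADERS = [
    "app_session=abc123; Path=/; SameSite=None; Secure; HttpOnly",  # correct for cross-site
    "legacy_auth=xyz; Path=/; SameSite=None",                        # dropped: Secure missing
    "prefs=dark; Path=/; Secure",                                    # silently becomes Lax
    "csrf=tok; Path=/; SameSite=Lax; Secure",                        # fine for same-site use
]

if __name__ == "__main__":
    for name, problems in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {'; '.join(problems)}")
```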

For more information, see:

Cookies

The following table lists the cookies used in Azure AD B2C.

| Name | Domain | Expiration | Purpose |
|---|---|---|---|
| x-ms-cpim-admin | main.b2cadmin.ext.azure.com | End of browser session | Holds user membership data across tenants: the tenants a user is a member of and the level of membership (Admin or User). |
| x-ms-cpim-slice | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Used to route requests to the appropriate production instance. |
| x-ms-cpim-trans | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Used for tracking the transactions (number of authentication requests to Azure AD B2C) and the current transaction. |
| x-ms-cpim-sso:{Id} | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Used for maintaining the SSO session. |
| x-ms-cpim-cache:{id}_n | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session, successful authentication | Used for maintaining the request state. |
| x-ms-cpim-csrf | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Cross-Site Request Forgery token used for CSRF protection. |
| x-ms-cpim-dc | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Used for Azure AD B2C network routing. |
| x-ms-cpim-ctx | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Context |
| x-ms-cpim-rp | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Used for storing membership data for the resource provider tenant. |
| x-ms-cpim-rc | b2clogin.cn, login.partner.microsoftonline.cn, branded domain | End of browser session | Used for storing the relay cookie. |