By: Alberto Sendino user 04 May 2022 at 6:26 a.m. CDT

2 Responses
Alberto Sendino gravatar
Hi, I´m doing a POC trying to improve OIDC security, and i want to change the cookie storage OIDC use to a local storage, but i can´t found the code in oxTrust and oxAuth to modify for get my results. Where can i find the code where OIDC use cookies? Thank you so much for the help.

By Aliaksandr Samuseu staff 04 May 2022 at 6:43 a.m. CDT

Aliaksandr Samuseu gravatar
Hi, Alberto. I wonder if oxAuth handles the session and cookies on its own, or just delegates this task to underlying web server (Jetty). Still, unless @Yuriy.Zabrovarnyy or @Yuriy.Movchan, or @Thomas Gasmyr.Mougang will have a free minute to share a hint, I think it's a bit beyond Community Support's scope. Source codes are available for studying on Github, so you'll have to do some research there. For example oxAuth code is [here](

By Michael Schwartz Account Admin 04 May 2022 at 12:09 p.m. CDT

Michael Schwartz gravatar
This is out of scope of community support. These days, the HEAD of the project is at the Linux Foundation. See If you want to change how cookies are stored, it could be an interesting feature. But that kind of work must happen in the Github open source repo. Gluu 4 is a stable product.