Web log-in and single sign-on at Stanford
The first time you login to a Stanford web page for the day you enter your username and password (unless you are using Cardinal Key); you might also be asked to do a two-step authentication. Once you have done this authentication your web browser stores special session information. This saved session information allows you to access other Stanford websites without re-entering your credentials. This is called single sign-on and saves you from the tedious chore of re-entering your Stanford credentials on every different Stanford web site.
How single sign-on information is saved
In the past single sign-on information was stored as a browser "cookie". Following best practices we have changed this so that now web single sign-on information is stored in web local storage. Web local storage is similar to cookies but it allows larger pieces of data to be stored on your browser. For this storage to work you must not have disabled Javascript on your browser.
Because single sign-on information is stored in the web browser, single sign-on is specific to each browser: browsers do not share session information. This is why if you login to Stanford web sites on two different browsers, say Firefox and Chrome, you will have to do your initial authentication on each browser.
Some questions answered
- Do I need to do anything to enable web local storage? No. All modern browsers support web local storage by default.
- Do logins work differently with local storage vs. cookies? No. The login process is exactly the same, but you might notice an intermediate page flash quickly by that mentions reading and storing session information to your browser. This is expected and necessary as this is the page that stores your data locally.
- Why does local storage need Javascript? Cookies are sent without the need for any sort of scripting, but web local storage uses Javascript to store your data. If Javascript is disabled on your browser you will not be able to save your single single-on session information locally.
- Is SSO login through an iFrame Supported? Stanford does not support single sign-on (SSO) through an iFrame. This change was made University-wide for security purposes to limit Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities and is an industry-wide standard. We suggest sending users to the desired content by linking directly to the secured page instead of using iFrames. Learn more from the Embeddable Content Policy.
