Is using cookies within a Fabric workload allowed/encouraged?

[joe-statsig]

Currently working on a Fabric workload where we're looking to use cookies for session management as our existing application currently leverages them in our Auth flows. I've haven't been able to get any cookies working in the IFrame and was wondering if they are disabled at a platform level. If so, does the team have any best practices on authenticating requests to our Iframe application's backend?

[omgharra]

First, we deliberately disable cookies in the iframe for security reasons. Could you please elaborate on what you are trying to achieve exactly? Setting cookies from the 'top' works and might be useful for your goal. Also, why not handle the authentication in the backend instead? What specifically isn't working for you? Is it listing the cookies from the iframe or setting them up from there?

[omgharra]

There is also an option to use localStorage
meaning
localStorage.setItem(key,value)
and then getItem(key)

[omgharra]

Please see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#none

Example: Initially, a random set is followed by a 'get' request, which shows no cookies have been set. However, after executing the highlighted command as suggested in the documentation, the cookie is successfully set:

[joe-statsig]

Thanks for the response @omgharra, we looking to avoid taking a dependency on a Dotnet service and so are trying to accomplish as much of the Fabric logic in Node as possible. Our exisiting Auth flow is implemented in Node and uses cookies to maintain sessions, hence the ask.