Reusing cookies in MS-OFBA
Hey!
I open documents with office uri schema (ms-word:ofe|u) and implemented protection of my documents using MS-OFBA in accordance with this documentation. When sending an OPTIONS request, I return X-FORMS_BASED_AUTH_REQUIRED, X-FORMS_BASED_AUTH_RETURN_URL with which the user can successfully authenticate into the application.
Then the office application (in my case it is Word and I tried several versions of Word, they all work quite the same) receives the cookie from the server and starts sending them with each request. This part of the implementation works correctly.
The problem is that when I open a new document, I get the login form again and the cookies are not reused. Because of this, I need to authenticate and fill out a form every time I open a document.
In the MS-OCPROTO documentation in the Additional Considerations section, I see that the client (Word) may not send a cookie to the OPTIONS request, in addition, client creates a new session when it sends an HTTP OPTIONS request.
How can I avoid this problem and make sure that the cookies received during the first login are used when opening other documents on the same server?
Thanks in advance for any help!