AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-03-23 · Documentation medium

File: cognito/latest/developerguide/cognito-user-pools-managed-login.md

Summary

Updated URLs and added CSRF cookie documentation

Security assessment

Adds documentation about CSRF protection cookies and corrects authentication URLs, but no evidence of addressing a specific vulnerability.

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pools-managed-login.md b/cognito/latest/developerguide/cognito-user-pools-managed-login.md
index e0ce5d2f8..a6d39066c 100644
--- a/cognito/latest/developerguide/cognito-user-pools-managed-login.md
+++ b/cognito/latest/developerguide/cognito-user-pools-managed-login.md
@@ -154 +154 @@ You can view your sign-in webpage with the following URL for the implicit code g
-                https://mydomain.us-east-1.amazoncognito.com/authorize?response_type=token&client_id=1example23456789&redirect_uri=https://mydomain.example.com
+                https://mydomain.auth.us-east-1.amazoncognito.com/authorize?response_type=token&client_id=1example23456789&redirect_uri=https://mydomain.example.com
@@ -162 +162 @@ The following is an example response from an implicit grant request.
-                https://mydomain.example.com/#id_token=eyJraaBcDeF1234567890&access_token=eyJraGhIjKlM1112131415&expires_in=3600&token_type=Bearer  
+                https://auth.example.com/#id_token=eyJraaBcDeF1234567890&access_token=eyJraGhIjKlM1112131415&expires_in=3600&token_type=Bearer  
@@ -219,0 +220,2 @@ Managed login and the hosted UI set cookies in users' browsers. The cookies conf
+  * A `csrf-state-legacy` cookie for session consistency, read by Amazon Cognito as a fallback when your browser doesn't have support for the `SameSite` attribute.
+