Vol. I · No. 1

The Identity at the Core

The Definitive Chronicle of Identity & Access Management

BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpoint

CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediately

BREACH: European fintech platform leaks OAuth tokens affecting 890K users

ADVISORY: CISA warns of active exploitation of SAML implementation flaws in enterprise SSO products

Cookie Notice

Last updated: May 5, 2026

We try to keep things lean. Identity at the Core uses only essential cookies — the ones strictly necessary to deliver the service you asked for. We do not use advertising cookies, marketing pixels, or third-party trackers.

1. What is a cookie?

A cookie is a small text file a website stores on your device. Cookies let a site remember things across page loads — for example, that you're signed in. Some cookies are set by the site itself (first-party); others come from external services the site embeds (third-party).

2. Cookies we set

The table below lists every cookie we set, why we set it, and how long it lives. We do not set any cookie not listed here.

| Cookie | Purpose | Duration | Type |
| --- | --- | --- | --- |
| next-auth.session-token, __Secure-next-auth.session-token | Authenticates your signed-in session. Without this you cannot stay logged in. | 24 hours | Essential |
| next-auth.csrf-token, __Host-next-auth.csrf-token | Cross-site request forgery protection during sign-in flow. Required for security. | Session | Essential |
| next-auth.callback-url, __Secure-next-auth.callback-url | Remembers where to send you after a successful sign-in. | Session | Essential |
| __stripe_mid, __stripe_sid | Set by Stripe only when you initiate a donation. Used for fraud prevention on the payment form. | 1 year / 30 min | Essential (third-party) |

3. What we do not use

4. Why no cookie banner?

Under GDPR, ePrivacy, and PIPEDA, you only need explicit consent for non-essential cookies. Since we use only essential cookies — the ones required to deliver functionality you actively requested (signing in, paying for a donation) — no consent banner is required. Banners exist to ask permission for tracking we don't do.

5. Managing cookies

You can clear or block cookies through your browser settings. Doing so will sign you out and may prevent donations from completing, but the rest of the site works without cookies.

6. Changes to this notice

If we ever introduce a non-essential cookie (we have no plans to), we will update this page and ask for your consent before setting it. The "Last updated" date at the top of this page reflects the most recent revision.

7. Contact

Questions about this notice? Email privacy@identityatcore.org.

See also our Privacy Policy and Terms of Service.
