How to build your IdP/SP environment without the security weakness of cookies?