tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject SameSite cookies
Date Fri, 08 Nov 2019 15:04:26 GMT

All,

I'm looking at using "samesite" cookies within my application. It
looks as simple as setting the "sameSite" attribute appropriately on
the CookieProcessor for the <Context>, which isn't there in a default
configuration. So you just have to add it:

<Context [...]>

   <CookieProcessor sameSiteCookies="lax" />

</Context>

Cool, now my JSESSIONID cookies are coming back with the SameSite=Lax
parameter.

But it also applies to all the other cookies my application creates.
It looks like there is no way to set/reset this parameter on an
individual-cookie basis. That would require a change to the Servlet
API, right?

I'm okay with SameSite being applied to ALL my cookies, but maybe not
everybody is. Are there any workarounds for this?

-chris
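
One possible workaround for the per-cookie question above, added here as an example and not part of the original message or of Tomcat: build the Set-Cookie value by hand and send it with HttpServletResponse.addHeader instead of addCookie. It assumes a header written that way is not rewritten by the context's CookieProcessor; the class, enum and method names are hypothetical.

```java
// Added example: Set-Cookie value with a per-cookie SameSite attribute.
// PerCookieSameSite, SameSite and build() are hypothetical names.
public class PerCookieSameSite {

    enum SameSite {
        STRICT("Strict"), LAX("Lax"), NONE("None");
        final String token;
        SameSite(String token) { this.token = token; }
    }

    // RFC 6265 cookie-name is a token: no control chars, space or separators.
    static boolean isToken(String s) {
        if (s.isEmpty()) return false;
        for (char c : s.toCharArray()) {
            if (c <= 0x20 || c >= 0x7f || "()<>@,;:\\\"/[]?={}".indexOf(c) >= 0) return false;
        }
        return true;
    }

    // cookie-value: no control chars, space, double quote, comma, semicolon, backslash.
    // Rejecting CR/LF here also blocks response-header injection.
    static boolean isCookieValue(String s) {
        for (char c : s.toCharArray()) {
            if (c <= 0x20 || c >= 0x7f || "\",;\\".indexOf(c) >= 0) return false;
        }
        return true;
    }

    static String build(String name, String value, String path,
                        boolean secure, boolean httpOnly, SameSite sameSite) {
        if (!isToken(name) || !isCookieValue(value))
            throw new IllegalArgumentException("invalid cookie name or value");
        if (path.chars().anyMatch(ch -> ch < 0x20 || ch == 0x7f || ch == ';'))
            throw new IllegalArgumentException("invalid cookie path");
        // Browsers reject SameSite=None on a cookie that is not marked Secure.
        if (sameSite == SameSite.NONE && !secure)
            throw new IllegalArgumentException("SameSite=None requires Secure");
        StringBuilder sb = new StringBuilder(name).append('=').append(value)
                .append("; Path=").append(path);
        if (secure) sb.append("; Secure");
        if (httpOnly) sb.append("; HttpOnly");
        if (sameSite != null) sb.append("; SameSite=").append(sameSite.token);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample cookies. In a servlet, pass each value to
        // response.addHeader("Set-Cookie", ...) rather than addCookie().
        System.out.println(build("prefs", "dark", "/", true, false, SameSite.STRICT));
        System.out.println(build("sso_hint", "idp1", "/", true, true, SameSite.NONE));
        System.out.println(build("legacy", "1", "/app", false, false, null));
    }
}
```

Cookies still created through addCookie, including the container's JSESSIONID, keep whatever sameSiteCookies value is configured on the CookieProcessor.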
