tomcat-users mailing list archives

From S Abirami <s.abir...@ericsson.com.INVALID>
Subject RE: SameSite attribute handling
Date Mon, 06 Jul 2020 16:16:49 GMT
Hi Christopher,

I have used setHeader, addCookie; for that also it is getting twice.
Only after disabling cookie false in context.xml, setHeader for cookie is working.

I tried option also


Regards,
Abirami.S

-----Original Message-----
From: Christopher Schultz <chris@christopherschultz.net> 
Sent: Thursday, July 2, 2020 11:07 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SameSite attribute handling

Abirami,

On 7/1/20 03:06, S Abirami wrote:
> We can add the samesite attribute in set-cookie header through 
> context.xml entry in tomcat. Is there any other way, can we add 
> samesite attribute in response of set-cookie header.
Not for Tomcat-generated cookies, and not for cookies added to the response like this:

  response.addCookie(myCookie);

This is because the Servlet API hasn't yet caught up with state-of-the-art.

You can, however, craft your own Set-Cookie response header like this:

  response.addHeader("Set-Cookie", "CookieName=value; SameSite=Strict");

Remember that there are rules about the composition of the cookie's name, value, etc. that
Tomcat enforces for you that you will have to handle yourself.

> I tried with filter by using setHeader but it is sending two 
> set-Cookie header.

Correct: you will have to use *either* setCookie() or setHeader().

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



