You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "M. Manna" <ma...@gmail.com> on 2019/10/22 14:34:27 UTC

SameSite Cookie Setup Not Working

Hello,

As per the official documentation, I setup my same site cookie using
Rfc62665CookieProcessor and set everything in "strict" mode.

However, when I restarted my server, I only see httpOnly, secure - but not
SameSite checked under browser's developer console.

Could someone please help me understand whether something has been missed
at my side? And yes, I am using tomcat 8.5.45 (as I read that it's been
since 8.5.42). Otherwise, cataina bootstrapping would simply say that
there's no samesitecookies attribute.

Regards,

Re: SameSite Cookie Setup Not Working

Posted by "M. Manna" <ma...@gmail.com>.

Apologies, but got this resolved. the httpOly attribute was missing from
one of the apps. I have now set it globally for all my apps.

Thanks,

On Tue, 22 Oct 2019 at 15:34, M. Manna <ma...@gmail.com> wrote:

> Hello,
>
> As per the official documentation, I setup my same site cookie using
> Rfc62665CookieProcessor and set everything in "strict" mode.
>
> However, when I restarted my server, I only see httpOnly, secure - but not
> SameSite checked under browser's developer console.
>
> Could someone please help me understand whether something has been missed
> at my side? And yes, I am using tomcat 8.5.45 (as I read that it's been
> since 8.5.42). Otherwise, cataina bootstrapping would simply say that
> there's no samesitecookies attribute.
>
> Regards,
>