Posted to users@wicket.apache.org by ShengChe Hsiao <fr...@gmail.com> on 2019/12/16 02:19:10 UTC

Cookie SameSite issue

Dear all

Recently, I found that Chrome's developer console shows an alert about
cookie SameSite...
A cookie associated with a cross-site resource at https://xxxxxxx.xxxx.xxxx/
was set without the `SameSite` attribute. A future release of Chrome will
only deliver cookies with cross-site requests if they are set with
`SameSite=None` and `Secure`. You can review cookies in developer tools
under Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.

Since the servlet spec doesn't support this property, how can I deal with it?


--------------------------------------------------------------------
----------------------------------->
To boldly go where no man has gone before.
--------------------------------------------------------------------
----------------------------------->
We do this not because it is easy. We do this because it is hard.
-----------------------------------------------------------------
-------------------------------------->
If I have seen further it is by standing on the shoulders of giants.
----------------------------------------------------------
--------------------------------------------->
front713@gmail.com
--------------------------------------------------------------------------------------------->

Re: Cookie SameSite issue

Posted by Shengche Hsiao <sh...@gmail.com>.
Thank you, I'll try~

On Thu, Jan 23, 2020 at 5:30 PM NLogan <na...@gmail.com> wrote:

> To set SameSite only on JSESSIONID you can do
>
> Header edit Set-Cookie ^(JSESSIONID.*)$ $1;HttpOnly;Secure;SameSite=None
>
> It works for me
>
>
> Got the syntax from :
>
> https://stackoverflow.com/questions/53762523/setting-the-samesite-attribute-on-the-jsessionid-cookie-using-apache-config
> https://dino.ciuffetti.info/2011/03/jsessionid-cookie-path-mod_headers/
>

-- 

----------------------------------------------------------------------->
We do this not because it is easy. We do this because it is hard.
----------------------------------------------------------------------->
ShengChe Hsiao
----------------------------------------------------------------------->
front713@gmail.com
front713@tc.edu.tw
----------------------------------------------------------------------->
VoIP : 070-910-2450
----------------------------------------------------------------------->

Re: Cookie SameSite issue

Posted by NLogan <na...@gmail.com>.
To set SameSite only on JSESSIONID you can do

Header edit Set-Cookie ^(JSESSIONID.*)$ $1;HttpOnly;Secure;SameSite=None

It works for me


Got the syntax from :
https://stackoverflow.com/questions/53762523/setting-the-samesite-attribute-on-the-jsessionid-cookie-using-apache-config
https://dino.ciuffetti.info/2011/03/jsessionid-cookie-path-mod_headers/

--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Re: Cookie SameSite issue

Posted by Shengche Hsiao <sh...@gmail.com>.
Actually I want to set jsessionid with SameSite, but I don't know how to do
that.....

On Mon, Dec 16, 2019 at 2:53 PM Sven Meier <sv...@meiers.net> wrote:

> Hi,
>
> the Servlet spec doesn't support the "sameSite" attribute yet. You can
> explicitly set a cookie header instead.
> Or instruct Tomcat to add the attribute for you:
>
>
> https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor
>
> Have fun
> Sven

Re: Cookie SameSite issue

Posted by Shengche Hsiao <sh...@gmail.com>.
I solved it by adding a header.conf on the Apache httpd server

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None

On Mon, Dec 16, 2019 at 2:53 PM Sven Meier <sv...@meiers.net> wrote:

> Hi,
>
> the Servlet spec doesn't support the "sameSite" attribute yet. You can
> explicitly set a cookie header instead.
> Or instruct Tomcat to add the attribute for you:
>
>
> https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor
>
> Have fun
> Sven
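
Added example, not part of any post in this thread: a Python model of the two `Header edit Set-Cookie` rules quoted above, applied to constructed Set-Cookie values, with a small audit of the rewritten headers. It assumes Python's `re` matches these two patterns the same way mod_headers does; the sample headers and all function names are hypothetical.

```python
import re

# The two mod_headers rules from the thread as (pattern, replacement) pairs.
# Apache's "$1" backreference is written r"\1" for Python's re module.
SUFFIX = r"\1;HttpOnly;Secure;SameSite=None"
RULE_ALL = (r"^(.*)$", SUFFIX)                # rewrites every cookie
RULE_SESSION = (r"^(JSESSIONID.*)$", SUFFIX)  # rewrites the session cookie only


def header_edit(value, rule):
    """Model `Header edit Set-Cookie <regex> <subst>` on one header value."""
    pattern, replacement = rule
    return re.sub(pattern, replacement, value, count=1)


def audit(set_cookie):
    """Return findings for one Set-Cookie value (empty list means clean)."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = [p.strip().split("=", 1) for p in set_cookie.split(";")[1:]]
    keys = [a[0].lower() for a in attrs if a[0]]
    values = {a[0].lower(): (a[1] if len(a) > 1 else "") for a in attrs}
    findings = [f"{name}: duplicate {k}"
                for k in sorted(set(keys)) if keys.count(k) > 1]
    if "samesite" not in values:
        findings.append(f"{name}: no SameSite")
    elif values["samesite"].lower() == "none" and "secure" not in keys:
        findings.append(f"{name}: SameSite=None without Secure")
    return findings


# Constructed backend responses (not taken from the thread): a session cookie
# that already carries HttpOnly, and an unrelated preference cookie.
SAMPLE = [
    "JSESSIONID=ABC123; Path=/app; HttpOnly",
    "theme=dark; Path=/",
]


def report(rule):
    """Rewrite each sample header with `rule`; map rewritten header -> findings."""
    return {out: audit(out) for out in (header_edit(v, rule) for v in SAMPLE)}


if __name__ == "__main__":
    for label, rule in (("all cookies", RULE_ALL), ("JSESSIONID only", RULE_SESSION)):
        print(label)
        for header, findings in report(rule).items():
            print("  ", header, "->", findings or "ok")
```

Both rules append unconditionally, so a cookie that already has `HttpOnly` ends up with the attribute twice; the catch-all rule also marks the unrelated `theme` cookie `HttpOnly` and `SameSite=None`, while the JSESSIONID rule leaves it unchanged.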

Re: Cookie SameSite issue

Posted by Sven Meier <sv...@meiers.net>.
Hi,

the Servlet spec doesn't support the "sameSite" attribute yet. You can explicitly set a cookie header instead.
Or instruct Tomcat to add the attribute for you:

https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor

Have fun
Sven


On 16 December 2019 03:19:10 CET, ShengChe Hsiao <fr...@gmail.com> wrote:
>Dear all
>
>Recently, I found chrome's developer console shows alert about
>cookie SameSite...
>A cookie associated with a cross-site resource at
>https://xxxxxxx.xxxx.xxxx/
>was set without the `SameSite` attribute. A future release of Chrome
>will
>only deliver cookies with cross-site requests if they are set with
>`SameSite=None` and `Secure`. You can review cookies in developer tools
>under Application>Storage>Cookies and see more details at
>https://www.chromestatus.com/feature/5088147346030592 and
>https://www.chromestatus.com/feature/5633521622188032.
>
>Since servlet spec doesn't support this property, how can I deal with
>it?