
How to set SameSite Cookie in Tomcat's Cookie Processor?

Tomcat's context.xml defines CookieProcessor (default LegacyCookieProcessor)

https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html

I'm trying to add the attribute(s) shown on the cookie processor page, however that doesn't seem to be working.

I don't see Tomcat's response header cookie with the sameSite attribute being set.

Puneri asked Aug 15 '19 07:08


2 Answers

In your web application, inside the META-INF folder create a context.xml file with this inside.

<Context>
   <CookieProcessor sameSiteCookies="strict" />
</Context>

If you already have a context.xml file, you just need to add the CookieProcessor element.

This behavior is possible since Tomcat 9.0.21 and 8.5.42, or 9.0.28 and 8.5.48 if you need to set the attribute to "none".

Merged into Tomcat master on 20th of May 2019 with pull request 162

Ivan Tsenov answered Oct 21 '22 00:10


Found the answer to this:

  1. Edit tomcat/conf/context.xml
  2. Update the CookieProcessor element as in the following line, say, for setting SameSiteCookies in the HTTP response header's Set-Cookie.

<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" sameSiteCookies="strict" />

Puneri answered Oct 20 '22 22:10
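
One way to confirm that the CookieProcessor setting from the answers above actually reaches the response, as an added example that is not part of the original question or answers: a small Python audit of `Set-Cookie` header lines, for instance the output of `curl -sI` against the application. The function names and the sample responses are constructed for illustration, and the parser assumes cookie values contain no literal `;`.

```python
# Added example (not from the original thread): audit Set-Cookie headers for SameSite.
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attributes keyed in lowercase)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(value):
    """Return (cookie name, list of findings); an empty list means the cookie passes."""
    name, attrs = parse_set_cookie(value)
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("missing SameSite")
    elif samesite.lower() not in VALID_SAMESITE:
        findings.append("invalid SameSite value: " + samesite)
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Current browsers reject SameSite=None cookies that lack Secure.
        findings.append("SameSite=None without Secure")
    return name, findings

def audit_response(raw_headers):
    """Audit every Set-Cookie line in a raw header block (e.g. `curl -sI` output)."""
    report = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, findings = audit_cookie(value.strip())
            report[name] = findings
    return report

# Constructed sample responses: before and after adding sameSiteCookies="strict".
BEFORE = ("HTTP/1.1 200 \r\nContent-Type: text/html\r\n"
          "Set-Cookie: JSESSIONID=0123ABCD; Path=/app; HttpOnly\r\n")
AFTER = ("HTTP/1.1 200 \r\nContent-Type: text/html\r\n"
         "Set-Cookie: JSESSIONID=0123ABCD; Path=/app; HttpOnly; SameSite=Strict\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_response(raw))
```

If the report still shows `missing SameSite` after the change, check that the edited context.xml is the one the deployed application loads and that Tomcat was restarted or the application redeployed.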