Tomcat's context.xml defines CookieProcessor (default LegacyCookieProcessor)
https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html
I'm trying to add attribute(s) shown on cookie processor, however that doesn't seems to be working
I don't see Tomcat's response header cookie with sameSite attribute being set
In your web application, inside the META-INF folder create a context.xml file with this inside.
<Context>
<CookieProcessor sameSiteCookies="strict" />
</Context>
If you already have a context.xml file, you just need to add the CookieProcessor element.
This behavior is possible since Tomcat 9.0.21 and 8.5.42, or 9.0.28 and 8.5.48 if you need to set the attribute to "none".
Merged into Tomcat master on 20th of May 2019 with pull request 162
Found answer to this :
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" sameSiteCookies="strict" />
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With