Chintagious commented on issue #162: Add support for same-site cookie attribute URL: https://github.com/apache/tomcat/pull/162#issuecomment-579392207 @simonsteiner1984 - I needed a solution to set `SameSite=None` for my `JSESSIONID` cookie only; so I made filter based off of the answer here: https://stackoverflow.com/questions/17991090/tomcat-7-sessionid-cookie-disable-http-only-and-secure You can likely adapt it as needed for your issue. If you look at the answer, I've kept everything the same except for the `updateCookie()`, which looks like: ```java protected void updateCookie(Collection<String> cookiesAfterCreateSession) { if(cookiesAfterCreateSession != null && !response.isCommitted()) { // search if a cookie JSESSIONID and SameSite not set Optional<String> cookieJSessionId = cookiesAfterCreateSession.stream() .filter(cookie -> cookie.startsWith("JSESSIONID") && !cookie.contains("SameSite")) .findAny(); if(cookieJSessionId.isPresent()) { // remove all Set-Cookie and add the SameSite version of the JSESSIONID Cookie response.setHeader("Set-Cookie", cookieJSessionId.get() + ";SameSite=None"); // re-add all other Cookies cookiesAfterCreateSession.stream() .filter(cookie -> !cookie.startsWith("JSESSIONID")) .forEach(cookie -> response.addHeader("Set-Cookie", cookie)); } } } ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
