On Thu, Oct 10, 2019 at 2:08 PM David Cleary <da...@progress.com> wrote:
> Have a customer asking about this. I see Tomcat supports it here. > https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html > > We currently use defaults, so I'm looking for an XML fragment and the file > it goes in to add the samesite attribute to the JSESSIONID. I'm assuming > they want it globally for all webapps. > After Christopher Schultz pointed me in the right direction, I added the following line to $CATALINA_BASE/conf/context.xml <CookieProcessor sameSiteCookies="none"></CookieProcessor> This allowed my JAMstack app to set a JSESSIONID from a REST app running under Tomcat on a different server. -- "Hell hath no limits, nor is circumscrib'd In one self-place; but where we are is hell, And where hell is, there must we ever be" --Christopher Marlowe, *Doctor Faustus* (v. 111-13)