On Thu, Oct 10, 2019 at 2:08 PM David Cleary <da...@progress.com> wrote:

> Have a customer asking about this. I see Tomcat supports it here.
> https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html
>
> We currently use defaults, so I'm looking for an XML fragment and the file
> it goes in to add the samesite attribute to the JSESSIONID. I'm assuming
> they want it globally for all webapps.
>

After Christopher Schultz pointed me in the right direction, I added the
following line to $CATALINA_BASE/conf/context.xml

<CookieProcessor sameSiteCookies="none"></CookieProcessor>

This allowed my JAMstack app to set a JSESSIONID from a REST app running
under Tomcat on a different server.

-- 
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 111-13)

Reply via email to