> All, > > I'm looking at using "samesite" cookies within my application. It > looks as simple as setting the "sameSite" attribute appropriately on > the CookieProcessor for the <Context>, which isn't there in a default > configuration. So you just have to add it: > > <Context [...]> > > <CookieProcessor sameSiteCookies="lax" /> > > </Context> > > Cool, now my JSESSIONID cookies are coming back with the SameSite=Lax > parameter. > > But it also applies to all the other cookies my application creates. > It looks like there is no way to set/reset this parameter on an > individual-cookie basis. That would require a change to the Servlet > API, right?
That would be one way to implement it - and then the app would have to (un)set it. Per Cookie configuration in CookieProcessor would be another way. I haven't thought about how that might be implemented though. > I'm okay with SameSite being applied to ALL my cookies, but maybe not > everybody is. Are there any workarounds for this? Manually write your own cookie header. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
