The problem is that I cannot make it from within the application. I have no
control on the application, only on the server, so I have to be able to set
the cookie either in a server configuration or in a component which will
reside in the server. I am concerned particularly with the SmaeSite
attribute of the JSESSIONID cookie because of the new behavior of Chrome 80
-  https://www.chromestatus.com/feature/5088147346030592. I was considering
to have a valve which modifies the Set-Cookie header. But I if the
application flushes the output stream the headers will be written to the
socket and the valve will not have the chance to modify the cookie.

Lazar

On Tue, Jan 28, 2020 at 5:27 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> John,
>
> On 1/27/20 9:37 AM, John Dale wrote:
> > Over the years I found it more productive to manage my own headers
> > for the most part.
> >
> > The key for us has been keeping the code clean and manageable.
>
> +1
>
> But there isn't any reason not to use Tomcat's header parsing. If you
> have anything that could be considered odd, you should encode it in a
> safe way that doesn't require that you play other games with the
> cookie value.
>
> For example, base64 encoding a cookie value should make it
> header-safe, as long as you make sure to use a base64 encoder that
> doesn't add newlines.
>
> - -chris
>
> > On 1/27/20, Lazar Kirchev <lazar.kirc...@gmail.com> wrote:
> >> Hello,
> >>
> >> In Tomcat >= 8 there is the CookieProcessor in which cookie
> >> configurations could be made, including for SameSite cookie. Is
> >> there any way to configure this in Tomcat 7? Or the only way is
> >> to configure it manually in code?
> >>
> >> Kind regards, Lazar
> >>
> >
> > ---------------------------------------------------------------------
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4wUtwACgkQHPApP6U8
> pFi+NRAAhLyyE3tQuxUnkDEfBWD/myhclfgBtij85I/ovcYKqG1vZ13k4il4Ti2u
> eybk7C59WXnoaoiCL59JU/fC3a+p/hnK404FEH51iQ6TybSOC4BQjrzojiDCKSgi
> w0enCMkmbrEJNAYmg9SH4aqtet1tbxSMTjvEwHCxog3W1LEFeB2GXz9zvxyUQ82m
> Z1cSVjPn0sgzlV1UwABJnnxxveke2oH+CXpNtWR4eY/EjO3aC/sHfHJPyxNGFfUy
> xiT+S8Mv5K53M5Uz4+CGDIUWpu1/IwhRCtrS4FynMgm+l+ukPkdh96tlEfHx4mUF
> k+qo7vLcpq674QyYfPw94vRJ2BolwnoEtvPpIpNGa96QP1otP5WbJo+msr49pa/h
> +KLVw/nByH6+lv/K/Zt2bL/emKwoc+0Zb7eqEdJnOPBMXyXlSqoU5XHxpc6UFNA/
> zCjXCRV/A0pXuHZDFXpjKS0tnwDj7fUsPuHHK8kol10ZhjZ672NLoXt5sFMiqXk9
> tWk2bnUfTxxJaO13g86bIKLIch2UiSw2Dtg3qtbEHjm1VxTEscaJnFkX5I606x2d
> LW9dNhnBG4bEOt22sCb+iI5duw5HezDPVNUN4AsHizu3bZQlJIt/dOHJFXppyCfm
> 53+tZGs9veAG8Vlz3/DbLdTod92pxX6gGbmjJsU3TonPc4mMdNY=
> =UIAx
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to