Hi Chris,
> The SameSite attribute should be ignored by browsers that do not support it. Which browser are you trying to work-around? You can find more information about the incompatible browsers here: https://www.chromium.org/updates/same-site/incompatible-clients >The newer cookie parser is much more strict. Can you be more specific about what you need? Thanks for the clarification as this was not clear from the documentation. We’ve been using the LegacyCookieProcessor quite some time and the switch to the other processor might be a bit disruptive for our customers but we’ll consider it for our next major version. Meanwhile do you think LegacyCookieProcessor could be changed to non final? Best Regards, Polina On Wed, Jan 20, 2021 at 11:45 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Polina, > > On 1/20/21 04:24, Polina Georgieva wrote: > >> I'm curious: what customization do you need, here? > > > > We’d like to override the generateHeader(Cookie cookie, > > HttpServletRequest request) because we need to centrally handle the > > addition of the sameSite cookie attribute of the session cookie as > > some old browser versions do not support the sameSite cookie > > attribute. For them the adding of this attribute should be skipped. > > The SameSite attribute should be ignored by browsers that do not support > it. Which browser are you trying to work-around? > > >> Why do you need the legacy cookie processor? > > > > We use the LegacyCookieProcessor as it is with more strict > > interpretation of the cookie specifications and provides additional > > configurations if needed. > > The newer cookie parser is much more strict. Can you be more specific > about what you need? > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
