That's strange. I was not aware the proposal had expired. I've been working off of a few pages as it seemed Chrome/Edge were moving forward with Firefox at least showing positive support without committing.
https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/ (October 2023) https://github.com/mozilla/standards-positions/issues/678 (Firefox showing positive support, last updated 2022) https://developer.mozilla.org/en-US/docs/Web/Privacy/Partitioned_cookies https://github.com/privacycg/CHIPS Adam ________________________________ From: Chuck Caldarale <n82...@gmail.com> Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: [EXTERNAL] - Re: Partitioned cookies CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you feel that the email is suspicious, please report it using PhishAlarm. On Nov 15, 2023, at 08:06, Adam Warfield <awarf...@opentext.com.INVALID> wrote: The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but starting in 2024, browsers will begin enforcing the newer "Partitioned" attribute for third-party cookies. Is there a way to set this attribute within Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This affects any webapps that are embedded within iframes across domains where those cookies will be rejected if not partitioned. Looks like the CHIPS proposal: Cookies Having Independent Partitioned State specification<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/__;!!Obbck6kTJA!ZbFXogBE-lmZ3xovqF3YsoKYNLtMlNnrsEiA_SfTTvGWShrjsmioTAiQofWo4Ir5w1x4v6JfFDVDzeQ$> datatracker.ietf.org<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/__;!!Obbck6kTJA!ZbFXogBE-lmZ3xovqF3YsoKYNLtMlNnrsEiA_SfTTvGWShrjsmioTAiQofWo4Ir5w1x4v6JfFDVDzeQ$> [ietf-logo-nor-180.png]<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/__;!!Obbck6kTJA!ZbFXogBE-lmZ3xovqF3YsoKYNLtMlNnrsEiA_SfTTvGWShrjsmioTAiQofWo4Ir5w1x4v6JfFDVDzeQ$> expired this past May and no updated version has been submitted to IETF. Is there some other active standards document describing cookie partitioning? - Chuck
