Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] Unable to Add SameSite Cookie Attribute Value in Jetty 12 with Java 17

Dear Team,

Our application was able to configure the SameSite cookie attribute value through web.xml when using Jetty 9:
<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <comment>__SAME_SITE_STRICT__</comment>
    </cookie-config>
</session-config>


However, after migrating to Jetty 12, this configuration no longer works through web.xml. It appears that this method of configuration has been removed in Jetty 12. In jetty documentation does not found valid alternative for this setup.

I attempted to set the SameSite value using SessionHandler in jetty.xml, but was unable to pass a String value to the setSameSite method. I tried the following configuration:

<Set name="handler">
    <New id="SessionHandler" class="org.eclipse.jetty.session.SessionHandler">
        <Set name="sameSite">Lax</Set>
    </New>
</Set>

This resulted in the following error:
java.lang.NoSuchMethodException: class org.eclipse.jetty.session.SessionHandler.setSameSite(class java.lang.String). Found setters for org.eclipse.jetty.http.HttpCookie$SameSite


Our application uses the following setup:
Java 17
Jetty 12 as the server
Servlet API version 2.5
Since our application relies on legacy code, we cannot upgrade to a newer version of the Servlet API.


Thanks,
Shrinivas

Back to the top