Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Unable to Add SameSite Cookie Attribute Value in Jetty 12 with Java 17

Hi,

On Thu, Sep 5, 2024 at 5:10 PM Shrinivas Rudrawar via jetty-dev
<jetty-dev@xxxxxxxxxxx> wrote:
>
> Dear Team,
>
> Our application was able to configure the SameSite cookie attribute value through web.xml when using Jetty 9:
> <session-config>
>     <cookie-config>
>         <http-only>true</http-only>
>         <comment>__SAME_SITE_STRICT__</comment>
>     </cookie-config>
> </session-config>
>
>
> However, after migrating to Jetty 12, this configuration no longer works through web.xml. It appears that this method of configuration has been removed in Jetty 12. In jetty documentation does not found valid alternative for this setup.
>
> I attempted to set the SameSite value using SessionHandler in jetty.xml, but was unable to pass a String value to the setSameSite method. I tried the following configuration:
>
> <Set name="handler">
>     <New id="SessionHandler" class="org.eclipse.jetty.session.SessionHandler">
>         <Set name="sameSite">Lax</Set>
>     </New>
> </Set>
>
> This resulted in the following error:
> java.lang.NoSuchMethodException: class org.eclipse.jetty.session.SessionHandler.setSameSite(class java.lang.String). Found setters for org.eclipse.jetty.http.HttpCookie$SameSite
>
>
> Our application uses the following setup:
> Java 17
> Jetty 12 as the server
> Servlet API version 2.5
> Since our application relies on legacy code, we cannot upgrade to a newer version of the Servlet API.

Please open an issue with the content of this email, and please
specify what EE environment you are using (ee8, ee9, etc.).
https://github.com/jetty/jetty.project/issues

Thanks
-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.


Back to the top