Dear Team,
Our application was able to configure the SameSite cookie attribute value through web.xml when using Jetty 9:
<session-config>
<cookie-config>
<http-only>true</http-only>
<comment>__SAME_SITE_STRICT__</comment>
</cookie-config>
</session-config>
However, after migrating to Jetty 12, this configuration no longer works through web.xml. It appears that this method of configuration has been removed in Jetty 12. In jetty documentation does not found valid alternative for this setup.
I attempted to set the SameSite value using SessionHandler in jetty.xml, but was unable to pass a String value to the setSameSite method. I tried the following configuration:
<Set name="handler">
<New id="SessionHandler" class="org.eclipse.jetty.session.SessionHandler">
<Set name="sameSite">Lax</Set>
</New>
</Set>
This resulted in the following error:
java.lang.NoSuchMethodException: class org.eclipse.jetty.session.SessionHandler.setSameSite(class java.lang.String). Found setters for org.eclipse.jetty.http.HttpCookie$SameSite
Our application uses the following setup:
Java 17
Jetty 12 as the server
Servlet API version 2.5
Since our application relies on legacy code, we cannot upgrade to a newer version of the Servlet API.
Thanks,
Shrinivas
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-dev