Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Unable to Add SameSite Cookie Attribute Value in Jetty 12 with Java 17

The class `org.eclipse.jetty.session.SessionHandler` is only intended for non-servlet api code, but you say you have a an old servlet api 2.5 webapp that you want to deploy.  You should be using one of the `ee` modules. The servlet api is backwardly compatible, but the environment with the most similarity - ie retains the javax.servlet package names - are the `ee8` modules, which would lead you to use the `org.eclipse.jetty.ee8.servlet.SessionHandler` to configure things like SameSite.

Jan

On Fri, 6 Sept 2024 at 01:03, Shrinivas Rudrawar via jetty-dev <jetty-dev@xxxxxxxxxxx> wrote:
Dear Team,

Our application was able to configure the SameSite cookie attribute value through web.xml when using Jetty 9:
<session-config>
    <cookie-config>
        <http-only>true</http-only>
        <comment>__SAME_SITE_STRICT__</comment>
    </cookie-config>
</session-config>


However, after migrating to Jetty 12, this configuration no longer works through web.xml. It appears that this method of configuration has been removed in Jetty 12. In jetty documentation does not found valid alternative for this setup.

I attempted to set the SameSite value using SessionHandler in jetty.xml, but was unable to pass a String value to the setSameSite method. I tried the following configuration:

<Set name="handler">
    <New id="SessionHandler" class="org.eclipse.jetty.session.SessionHandler">
        <Set name="sameSite">Lax</Set>
    </New>
</Set>

This resulted in the following error:
java.lang.NoSuchMethodException: class org.eclipse.jetty.session.SessionHandler.setSameSite(class java.lang.String). Found setters for org.eclipse.jetty.http.HttpCookie$SameSite


Our application uses the following setup:
Java 17
Jetty 12 as the server
Servlet API version 2.5
Since our application relies on legacy code, we cannot upgrade to a newer version of the Servlet API.


Thanks,
Shrinivas
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-dev


--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD


Back to the top