Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] SameSite to STRICT
  • From: Sai Sankar Challa <saisankar.c@xxxxxxxxxxxxxxxx>
  • Date: Wed, 14 Jul 2021 16:34:22 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=motivitylabs.com; dmarc=pass action=none header.from=motivitylabs.com; dkim=pass header.d=motivitylabs.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8ZoR9Urlb8SlFqmiWCLrMw05Cdlw74NELuy3imd0ePY=; b=FTNdA4o3L7Am2SUJz4ksdxn05mSs406wpZTvSEjSUZIgxH4xzvCwTeQ3tzTX9NY1SE89acrxl0IwqulC3nBIIa7tS+p10rIvEtM1vFb34fsQpM0vEBzIBQWHbKHhW+jKgpiNOVw/ONTuJBS4+p6oPmW37oj1TLcX3EpbYyBT921Zm1P8o3YP4zV4lw7FzGVurwq0yoRk9e7g/AoICQTiA5qaWUBSml/HxiMXebwV6JhQzj7xcdH30Pzn0mhF0QLNDZ4mkAL5x9zSyEeZCWu3BbxGNNz90seCixjzxWpT7sOrA1fbyNpzlMcF2Wy7KOu8wrIfYKAVL3aG5WR67RL6XQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cdprbNKmTSiGJPbS7X6ICa5sFJshgneCpcp9fClOseFr//NYhuIGE0rUSAvhS4eJNHxVQ+VBPrQReVGq7lEWRKT68GROde2fh+KHWgxNiezwQBsKwVxiUIdOk3RKmXmZBYO6lVbyZ2kx1ufvROIj1O75TuoITO7Ged6lTwcw95iAPJlD6DMBGbaIKTs4UOoAwpuxTsVAGfnSpXmgBOfAxfshO2pDfW4BvDmLPaBno7Kozeau2Exrqq4EGBT+po+GWewAjHMDz4osCRzKornKH4SREeFHCwQtyw9BdFAbgDqQP8wpuRDWVRU1eaM/jDBcOjzymDpDLqxK7/zDqwsYZw==
  • Delivered-to: jetty-users@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
  • List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
  • Thread-index: Add4tdcAS9eH5mhgQFikE+fa8TbQAAAFhfCAAAB7dpA=
  • Thread-topic: [jetty-users] SameSite to STRICT

Thanks for the response.

 

I am assuming this done by Jetty Server.

 

The URL we are trying is the very first URL i.e., login page, post login we do have filter classes where we are doing some modifications.

 

Thanks

Sai

 

 

From: Joakim Erdfelt <joakim@xxxxxxxxxxx>
Sent: Wednesday, July 14, 2021 9:49 PM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Cc: Sai Sankar Challa <saisankar.c@xxxxxxxxxxxxxxxx>
Subject: Re: [jetty-users] SameSite to STRICT

 

What does the actual HTTP Response that created that JSESSIONID look like?


Joakim Erdfelt / joakim@xxxxxxxxxxx

 

 

On Wed, Jul 14, 2021 at 11:07 AM Sai Sankar Challa via jetty-users <jetty-users@xxxxxxxxxxx> wrote:

Hi Team

 

We upgraded our Jetty version to 9.4.38.v20210224 and we want to Set 'SameSite' attribute to 'Strict'  in JSESSIONID for our portal security .

 

We made the code changes as per below in our web.xml and still not seeing any difference.

 

  <session-config>

    <cookie-config>

     <http-only>false</http-only>

     <secure>false</secure>

     <comment>__SAME_SITE_STRICT__</comment>

    </cookie-config>

  </session-config>

 

Browser Cookie

 

 

Can you please through some idea to get this done .

 

Thanks

Sai

 

 

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Back to the top