Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-13510

SameSite attribute is missing for JSESSIONID for Cargo.run local development

    XMLWordPrintable

Details

    • Bug
    • Status: New
    • Normal
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      Add SameSite attribute to the JSESSIONID.

      For /cms and /site

      Technical details

      AFAIK, there is no way via the http servlet spec to set the SameSite flag, hence it should be handled in Tomcat (cargo.run) for local development

      https://tomcat.apache.org/tomcat-8.5-doc/config/cookie-processor.html

      Attachments

        Activity

          People

            aschrijvers Ard Schrijvers
            aschrijvers Ard Schrijvers
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: