That's strange. I was not aware the proposal had expired. I've been working off
of a few pages as it seemed Chrome/Edge were moving forward with Firefox at
least showing positive support without committing.
https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/
(October 2023)
https://github.com/mozilla/standards-positions/issues/678 (Firefox showing
positive support, last updated 2022)
https://developer.mozilla.org/en-US/docs/Web/Privacy/Partitioned_cookies
https://github.com/privacycg/CHIPS
Adam
From: Chuck Caldarale
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List
Subject: [EXTERNAL] - Re: Partitioned cookies
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender and know the content
is safe. If you feel that the email is suspicious, please report it using
PhishAlarm.
On Nov 15, 2023, at 08:06, Adam Warfield wrote:
The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but
starting in 2024, browsers will begin enforcing the newer "Partitioned"
attribute for third-party cookies. Is there a way to set this attribute within
Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This affects any
webapps that are embedded within iframes across domains where those cookies
will be rejected if not partitioned.
Looks like the CHIPS proposal:
Cookies Having Independent Partitioned State
specification<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/__;!!Obbck6kTJA!ZbFXogBE-lmZ3xovqF3YsoKYNLtMlNnrsEiA_SfTTvGWShrjsmioTAiQofWo4Ir5w1x4v6JfFDVDzeQ$>
datatracker.ietf.org<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/__;!!Obbck6kTJA!ZbFXogBE-lmZ3xovqF3YsoKYNLtMlNnrsEiA_SfTTvGWShrjsmioTAiQofWo4Ir5w1x4v6JfFDVDzeQ$>
[ietf-logo-nor-180.png]<https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/__;!!Obbck6kTJA!ZbFXogBE-lmZ3xovqF3YsoKYNLtMlNnrsEiA_SfTTvGWShrjsmioTAiQofWo4Ir5w1x4v6JfFDVDzeQ$>
expired this past May and no updated version has been submitted to IETF. Is
there some other active standards document describing cookie partitioning?
- Chuck