Hi Mark, We don't have concern regarding the restart of tomcat for the changes in context.xml. As our web application is mainly used to launch only the standalone application. I have updated Cookieprocessor entry under the context tag in server.xml specific to the application context path and it is working fine.
But, I could see that tenable detects that all other web application also has the SameSite attribute even though I have mentioned only in the specific application context. It is really surprising me . But, contrast ZAP tool reports for other application it doesn't have SameSite attribute. Regards, Abirami.S -----Original Message----- From: Mark Thomas <ma...@apache.org> Sent: Thursday, June 11, 2020 8:19 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: RE: context.xml under META-INF was not working On June 11, 2020 2:32:51 PM UTC, S Abirami <s.abir...@ericsson.com.INVALID> wrote: >Hi Mark, > >We are using Apache Tomcat 9.0.33. >I am not seeing any exception regarding it. That isn't what I asked. I asked for the log messages . Fortunately, you have provided the information I was looking for below. >In our application the web-application will not be located under the >CATALINA_HOME/webapps location. >We placed in other location and mentioned the path in context tag with >attributes path and docBase in server.xml . It is strongly recommended you don't define Context elements in server.xml as they only way to change them us to restart Tomcat. > Here ,we mentioned the >deployOnStartUp as false. >Hence, I have created META-INF directory under the App_folder and >created the context.xml and MANIFEST.MF files. That won't work. The Context element in server.xml will be used. Either edit the Context in server.xml or, better, move the Context definitions to $CATALINA_BASE/conf/<engine name>/<host name>/ Mark > >Regarding logs, I could see only the below messages > >WARNING: Match [Server/Service/Engine/Host/Context] failed to set >property [antiJARLocking] to [false] >WARNING: Match [Context/Manager] failed to set property [randomClass] >to [java.security.SecureRandom] >SEVERE: Unknown default host [localhost] for service >[StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0 >requests that do not specify a host name. > > >Regards, >Abirami.S > >-----Original Message----- >From: Mark Thomas <ma...@apache.org> >Sent: Thursday, June 11, 2020 7:27 PM >To: users@tomcat.apache.org >Subject: Re: context.xml under META-INF was not working > >On 11/06/2020 12:46, S Abirami wrote: >> Hi Mark, >> >> The below is the content of the context.xml >> >> <?xml version="1.0" encoding="UTF-8"?> <Context> <CookieProcessor >> sameSiteCookies="strict"/> </Context> > >That looks OK. > >What Tomcat version are you using? > >What do the logs say when the application is deployed? That will tell >you where it is being deployed from which might suggest why that file >isn't taking effect. > >Mark > > >> >> Regards, >> Abirami.S >> -----Original Message----- >> From: Mark Thomas <ma...@apache.org> >> Sent: Thursday, June 11, 2020 5:12 PM >> To: users@tomcat.apache.org >> Subject: Re: context.xml under META-INF was not working >> >> On 11/06/2020 11:42, S Abirami wrote: >>> Hi All, >>> >>> I want to configure SameSite attribute to the specific >web-application. >>> For that, I have updated the context.xml of specific web application > >>> located in <App_Folder>/META-INF/context.xml >>> >>> <CookieProcessor sameSiteCookies="strict"/> >>> >>> >>> It is not working. Only the changes in global context.xml is >working. Please guide to solve the issue. >> >> What is the full contents of <App_Folder>/META-INF/context.xml >> >> Mark >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org