Hi Christopher, I have used setHeader, addCookie for that also it is getting twice Only after, disabling cookie false in context.xml setHeader for cookie is working.
I tried option also Regards, Abirami.S -----Original Message----- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Thursday, July 2, 2020 11:07 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: SameSite attribute handling -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Abirami, On 7/1/20 03:06, S Abirami wrote: > We can add the samesite attribute in set-cookie header through > context.xml entry in tomcat. Is there any other way, can we add > samesite attribute in response of set-cookie header. Not for Tomcat-generated cookies, and not for cookies added to the response like this: response.addCookie(myCookie); This is because the Servlet API hasn't yet caught up with state-of-the-art. You can, however, craft your own Set-Cookie response header like this: response.addHeader("Set-Cookie", "CookieName=value; SameSite=Strict"); Remember that there are rules about the composition of the cookie's name, value, etc. that Tomcat enforces for you that you will have to handel yourself. > I tried with filter by using setHeader but it is sending two > set-Cookie header. Correct: you will have to use *either* setCookie() or setHeader(). - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://protect2.fireeye.com/v1/url?k=e0a38852-be03323c-e0a3c8c9-86b1886cfa64-a04f2de4a687fd81&q=1&e=a3c49822-9bd3-43bd-ab88-cf37edfe243e&u=https%3A%2F%2Fwww.enigmail.net%2F iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7+GyYACgkQHPApP6U8 pFiSqBAAhG9IHJXD4ec6TQD1F2o9CIbRyHSkVYrAl0miT5cz6BkhuqG7uEnpUw66 8m3oe6CCG1syEliyyHM3A7ySXGEYm54otp4A0GRkcK64kd+RwQKKV5JsSp0xFxtG dqKRtPGKJL7sQ+kaa4Qo2KqAa7ntQFTRVhg44Lofj8usiu/az5Kg6y8gSgQ/3I2Y n75PCchaMHsilvSIm3sztR6MpoeRXevv7/93LfI1xzyN6Rg1mE0xivKReQfryMeT sySwz3S1kZgOb3y+xUgSdL0HNSzT+IoKX58UTrMnmnWRS1hnJ30Fu21Nki+ygyZi iikJCYi8Fv2SjkvQh+klgVMsr/QxYvYIBKof0Tf4n8/gU6ABy9ZVUdiTeezATytT Kh5r2C6I+nk9/Osl9s9pHauqzQ/evwjPe/d0eJXkHILam09KB6wqnJ4m3Gq9NcYc S9f5vjTuScncrVn9+GTvr29onrhI8gh7BRTmYehgHaqt7Hl7alLeNV7ccIOjjYOY qqC+qXDydaHUBBgappAnZnHepNPSKn0kjKhi63gsjoBVXnLmgR7mYUWwmvoPb+/t E3T5PL73/cjxBNPk/THao0JI+3UoDlQG4rsZL/wxo7q1ZGzbtrbUrr+7Q7pDBY+y 3YhzVFu68xHkH0Tch3UxFn2qvPXToPHNCzSXDi9Dm5IuGf49UKc= =97wq -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org