Hi Christopher,
I have used setHeader, addCookie for that also it is getting twice
Only after, disabling cookie false in context.xml setHeader for cookie is
working.
I tried option also
Regards,
Abirami.S
-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Thursday, July 2, 2020 11:07 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SameSite attribute handling
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Abirami,
On 7/1/20 03:06, S Abirami wrote:
> We can add the samesite attribute in set-cookie header through
> context.xml entry in tomcat. Is there any other way, can we add
> samesite attribute in response of set-cookie header.
Not for Tomcat-generated cookies, and not for cookies added to the response
like this:
response.addCookie(myCookie);
This is because the Servlet API hasn't yet caught up with state-of-the-art.
You can, however, craft your own Set-Cookie response header like this:
response.addHeader("Set-Cookie", "CookieName=value; SameSite=Strict");
Remember that there are rules about the composition of the cookie's name,
value, etc. that Tomcat enforces for you that you will have to handel yourself.
> I tried with filter by using setHeader but it is sending two
> set-Cookie header.
Correct: you will have to use *either* setCookie() or setHeader().
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird -
https://protect2.fireeye.com/v1/url?k=e0a38852-be03323c-e0a3c8c9-86b1886cfa64-a04f2de4a687fd81&q=1&e=a3c49822-9bd3-43bd-ab88-cf37edfe243e&u=https%3A%2F%2Fwww.enigmail.net%2F
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7+GyYACgkQHPApP6U8
pFiSqBAAhG9IHJXD4ec6TQD1F2o9CIbRyHSkVYrAl0miT5cz6BkhuqG7uEnpUw66
8m3oe6CCG1syEliyyHM3A7ySXGEYm54otp4A0GRkcK64kd+RwQKKV5JsSp0xFxtG
dqKRtPGKJL7sQ+kaa4Qo2KqAa7ntQFTRVhg44Lofj8usiu/az5Kg6y8gSgQ/3I2Y
n75PCchaMHsilvSIm3sztR6MpoeRXevv7/93LfI1xzyN6Rg1mE0xivKReQfryMeT
sySwz3S1kZgOb3y+xUgSdL0HNSzT+IoKX58UTrMnmnWRS1hnJ30Fu21Nki+ygyZi
iikJCYi8Fv2SjkvQh+klgVMsr/QxYvYIBKof0Tf4n8/gU6ABy9ZVUdiTeezATytT
Kh5r2C6I+nk9/Osl9s9pHauqzQ/evwjPe/d0eJXkHILam09KB6wqnJ4m3Gq9NcYc
S9f5vjTuScncrVn9+GTvr29onrhI8gh7BRTmYehgHaqt7Hl7alLeNV7ccIOjjYOY
qqC+qXDydaHUBBgappAnZnHepNPSKn0kjKhi63gsjoBVXnLmgR7mYUWwmvoPb+/t
E3T5PL73/cjxBNPk/THao0JI+3UoDlQG4rsZL/wxo7q1ZGzbtrbUrr+7Q7pDBY+y
3YhzVFu68xHkH0Tch3UxFn2qvPXToPHNCzSXDi9Dm5IuGf49UKc=
=97wq
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
