Abirami,

On 7/6/20 12:16, S Abirami wrote:
> I have used setHeader, addCookie for that also it is getting
> twice

Of course it is, if Tomcat is automatically adding a Cookie to the
response for you.

> Only after, disabling cookie false in context.xml setHeader for
> cookie is working.

What exact version of Tomcat are you using?

What is the problem you are trying to solve?

If you are setting sameSiteCookies to something other than "unset",
then it will affect all cookies for which Tomcat generates a
"Set-Cookie" header.

> I tried option also

??

From your original post:

> Context changes reflecting issue in tenable vulnerable.

I'm not sure I understand what you are saying, here. Can you explain
in a different way?

-chris

> -----Original Message-----
> From: Christopher Schultz <ch...@christopherschultz.net>
> Sent: Thursday, July 2, 2020 11:07 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: SameSite attribute handling
>
> Abirami,
>
> On 7/1/20 03:06, S Abirami wrote:
>> We can add the samesite attribute in set-cookie header through
>> context.xml entry in tomcat. Is there any other way, can we add
>> samesite attribute in response of set-cookie header.
> Not for Tomcat-generated cookies, and not for cookies added to the
> response like this:
>
> response.addCookie(myCookie);
>
> This is because the Servlet API hasn't yet caught up with
> state-of-the-art.
>
> You can, however, craft your own Set-Cookie response header like
> this:
>
> response.addHeader("Set-Cookie", "CookieName=value; SameSite=Strict");
>
> Remember that there are rules about the composition of the cookie's
> name, value, etc. that Tomcat enforces for you that you will have
> to handle yourself.
>
>> I tried with filter by using setHeader but it is sending two
>> set-Cookie header.
>
> Correct: you will have to use *either* setCookie() or setHeader().
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org