> On Nov 15, 2023, at 08:06, Adam Warfield <awarf...@opentext.com.INVALID> > wrote: > > The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but > starting in 2024, browsers will begin enforcing the newer "Partitioned" > attribute for third-party cookies. Is there a way to set this attribute > within Tomcat for things like the JSESSIONID and XSRF-TOKEN cookies? This > affects any webapps that are embedded within iframes across domains where > those cookies will be rejected if not partitioned.
Looks like the CHIPS proposal: https://datatracker.ietf.org/doc/draft-cutler-httpbis-partitioned-cookies/ expired this past May and no updated version has been submitted to IETF. Is there some other active standards document describing cookie partitioning? - Chuck
