breautek commented on issue #383: URL: https://github.com/apache/cordova/issues/383#issuecomment-1444438592
[Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) is a response header. The client (e.g. Cordova) cannot set this header. This isn't to be confused with the [Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie) request header, which is what is sent to the server. `SameSite` is part of `Set-Cookie`, only the server can set this option when setting cookies. The `Cookie` request header which gets sent to the server will not have `SameSite` in it's value because it's not relevant. The purpose of the `SameSite` option is to tell the **browser**/**webview** how it should accept the cookie, depending on it's cookie policy, so there is no reason for the browser to send the `SameSite` configuration back to the server. Generally speaking, to set the `SameSite` configuratoin, the server must set the `Set-Cookie: cookie-name=cookie-value; SameSite=None; Secure` header for the response of a request. How to do that in Tomcat I'm not sure, you may have to refer to their documentation. Closing because this isn't describing a bug with Cordova. For support with Cordova, it will be best to raise a topic on the [Discussions](https://github.com/apache/cordova/discussions) board. However, for support with Tomcat, you would probably have better luck going through their [support](https://tomcat.apache.org/findhelp.html) channels. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
