bdemers commented on pull request #67: URL: https://github.com/apache/shiro/pull/67#issuecomment-671620977
Ahh, it doesn't look like that setting is _directly_ exposed. I just created: https://issues.apache.org/jira/browse/SHIRO-787 Ideally it would be something like, just setting the property: ``` shiro.sessionManager.cookie.sameSite=LAX ``` But, you should be able to work around this but doing something like: ```java @Autowired private SessionManager sessionManager; @PostConstruct void updateCookieConfig() { ((DefaultWebSessionManager) sessionManager).getSessionIdCookie().setSameSite(Cookie.SameSiteOptions.LAX); } ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
