mcroteau edited a comment on pull request #67:
URL: https://github.com/apache/shiro/pull/67#issuecomment-671634869
I tried setting the SameSite attribute within my authentication routine, but
still no luck. Maybe there is something wrong with my spring wiring?
**Spring Config**
```xml
<bean id="hashedCredentialsMatcher"
      class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    <property name="hashAlgorithmName" value="SHA-256"/>
</bean>

<bean id="jdbcRealm" class="xyz.ioc.realms.JdbcRealm">
    <property name="credentialsMatcher" ref="hashedCredentialsMatcher"/>
</bean>

<bean id="sessionManager"
      class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"/>

<bean id="securityManager"
      class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="jdbcRealm"/>
    <property name="sessionManager" ref="sessionManager"/>
</bean>

<bean id="shiroFilter"
      class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="auth/signin"/>
    <property name="successUrl" value="/"/>
    <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
</bean>
```
**AuthController**
```java
DefaultWebSessionManager defaultWebSessionManager =
(DefaultWebSessionManager)securityManager.getSessionManager();
defaultWebSessionManager.getSessionIdCookie().setSameSite(Cookie.SameSiteOptions.NONE);
defaultWebSessionManager.getSessionIdCookie().setSecure(true);
```
In addition, here is a link to my project. http://github.com/mcroteau/Zeus
`development` branch if you want to take a look... thank you sincerely.
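An added example, not part of the original comment or of the Shiro code base: a small JDK-only check that can be run over the `Set-Cookie` header values a server actually returns, to confirm whether `SameSite=None` and `Secure` reach the client together. The class name, method names and sample header values (including the `JSESSIONID` cookie value) are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class SetCookieCheck {

    // Parse the attributes of one Set-Cookie header value; keys are lower-cased.
    static Map<String, String> attributes(String header) {
        Map<String, String> attrs = new LinkedHashMap<>();
        String[] parts = header.split(";");
        for (int i = 1; i < parts.length; i++) {          // parts[0] is name=value
            String[] kv = parts[i].trim().split("=", 2);
            attrs.put(kv[0].trim().toLowerCase(Locale.ROOT),
                      kv.length == 2 ? kv[1].trim() : "");
        }
        return attrs;
    }

    // Report attribute combinations that weaken or break a session cookie.
    static List<String> findings(String header) {
        Map<String, String> a = attributes(header);
        List<String> out = new ArrayList<>();
        String sameSite = a.get("samesite");
        if (sameSite == null) {
            out.add("no SameSite attribute: the browser's default policy applies");
        } else if (sameSite.equalsIgnoreCase("None") && !a.containsKey("secure")) {
            out.add("SameSite=None without Secure: browsers enforcing the rule reject the cookie");
        }
        if (!a.containsKey("httponly")) {
            out.add("no HttpOnly: session id is readable from script");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample header values, not captured from a real server.
        String[] samples = {
            "JSESSIONID=abc123; Path=/; HttpOnly",
            "JSESSIONID=abc123; Path=/; HttpOnly; SameSite=None",
            "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=None"
        };
        for (String header : samples) {
            List<String> f = findings(header);
            System.out.println(header + "\n  -> " + (f.isEmpty() ? "ok" : String.join("; ", f)));
        }
    }
}
```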