Just to confirm, we know that Chrome will block JSESSIONID if it is sent over
an unsecure connection and with SameSite=None. But we saw the
previously mentioned issue in Firefox.
Thanks,
On Wed, 11 Mar 2020 at 15:33, M. Manna wrote:
> Hi All,
>
> Due to the recent issues with Chrome 80, we have had t
M,
On 11/8/19 10:40, M. Manna wrote:
> Interesting question.
>
> samesite attribute is also to protect cookies from possible
> cross-site attacks. Even if you have super domain cookies, using
> strict/lax shouldn't make any difference for you, or d
Mark,
On 11/8/19 11:53, Mark Thomas wrote:
>> All,
>>
>> I'm looking at using "samesite" cookies within my application.
>> It looks as simple as setting the "sameSite" attribute
>> appropriately on the CookieProcessor for the , which
>> isn't there
> All,
>
> I'm looking at using "samesite" cookies within my application. It
> looks as simple as setting the "sameSite" attribute appropriately on
> the CookieProcessor for the , which isn't there in a default
> configuration. So you just have to add it:
>
> Cool, now my JSE
On Fri, Nov 8, 2019 at 4:04 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> All,
>
> I'm looking at using "samesite" cookies within my application. It
> looks as simple as setting the "sameSite" attribute appropriately on
> the
Hey Chris,
Interesting question.
samesite attribute is also to protect cookies from possible cross-site
attacks. Even if you have super domain cookies, using strict/lax shouldn't
make any difference for you, or does it?
Thanks,
On Fri, 8 Nov 2019 at 15:04, Christopher Schultz <
ch...@christophe