Just to confirm, we know that Chrome will block JSESSIONID it if sent over
unsecure connection and with SameSite=None. But we saw the
previously mentioned issue in Firefox.


On Wed, 11 Mar 2020 at 15:33, M. Manna <manme...@gmail.com> wrote:

> Hi All,
> Due to the recent issues with Chrome 80, we have had to make some changes
> for our context.xml to have SameSite attribute setup for CookieProcessor
> What we've noticed is that even though CookieProcessorBase captures and
> assigns the correct value (e.g. "None" or "Lax"), the Network tab of
> browsers (e.g. Firefox, Chrome) always shows SameSite as "Unset". But if
> you observe the response header, it's actually setting the correct value.
> The question is - Would this be expected? Or, do we have to fix something
> here for browsers?
> Regards,
> M. MAnna

Reply via email to