-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Abirami,
On 7/1/20 03:06, S Abirami wrote:
> We can add the samesite attribute in set-cookie header through
> context.xml entry in tomcat. Is there any other way, can we add
> samesite attribute in response of set-cookie header.
Not for Tomcat-generated cookies, and not for cookies added to the
response like this:
response.addCookie(myCookie);
This is because the Servlet API hasn't yet caught up with
state-of-the-art.
You can, however, craft your own Set-Cookie response header like this:
response.addHeader("Set-Cookie", "CookieName=value; SameSite=Strict");
Remember that there are rules about the composition of the cookie's
name, value, etc. that Tomcat enforces for you that you will have to
handel yourself.
> I tried with filter by using setHeader but it is sending two
> set-Cookie header.
Correct: you will have to use *either* setCookie() or setHeader().
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl7+GyYACgkQHPApP6U8
pFiSqBAAhG9IHJXD4ec6TQD1F2o9CIbRyHSkVYrAl0miT5cz6BkhuqG7uEnpUw66
8m3oe6CCG1syEliyyHM3A7ySXGEYm54otp4A0GRkcK64kd+RwQKKV5JsSp0xFxtG
dqKRtPGKJL7sQ+kaa4Qo2KqAa7ntQFTRVhg44Lofj8usiu/az5Kg6y8gSgQ/3I2Y
n75PCchaMHsilvSIm3sztR6MpoeRXevv7/93LfI1xzyN6Rg1mE0xivKReQfryMeT
sySwz3S1kZgOb3y+xUgSdL0HNSzT+IoKX58UTrMnmnWRS1hnJ30Fu21Nki+ygyZi
iikJCYi8Fv2SjkvQh+klgVMsr/QxYvYIBKof0Tf4n8/gU6ABy9ZVUdiTeezATytT
Kh5r2C6I+nk9/Osl9s9pHauqzQ/evwjPe/d0eJXkHILam09KB6wqnJ4m3Gq9NcYc
S9f5vjTuScncrVn9+GTvr29onrhI8gh7BRTmYehgHaqt7Hl7alLeNV7ccIOjjYOY
qqC+qXDydaHUBBgappAnZnHepNPSKn0kjKhi63gsjoBVXnLmgR7mYUWwmvoPb+/t
E3T5PL73/cjxBNPk/THao0JI+3UoDlQG4rsZL/wxo7q1ZGzbtrbUrr+7Q7pDBY+y
3YhzVFu68xHkH0Tch3UxFn2qvPXToPHNCzSXDi9Dm5IuGf49UKc=
=97wq
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
