Hi, the Servlet spec doesn't support the "sameSite" attribute yet. You can explicitly set a cookie header instead. Or instruct Tomcat to add the attribute for you:
https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor Have fun Sven Am 16. Dezember 2019 03:19:10 MEZ schrieb ShengChe Hsiao <front...@gmail.com>: >Dear all > >Recently, I found chrome's developer console shows alert about >cookie SameSite... >A cookie associated with a cross-site resource at >https://xxxxxxx.xxxx.xxxx/ >was set without the `SameSite` attribute. A future release of Chrome >will >only deliver cookies with cross-site requests if they are set with >`SameSite=None` and `Secure`. You can review cookies in developer tools >under Application>Storage>Cookies and see more details at >https://www.chromestatus.com/feature/5088147346030592 and >https://www.chromestatus.com/feature/5633521622188032. > >Since servlet spec doesn't support this property, how can I deal with >it? > > >-------------------------------------------------------------------- >-----------------------------------> >To boldly go where no man has gone before. >-------------------------------------------------------------------- >-----------------------------------> >We do this not because it is easy. We do this because it is hard. >----------------------------------------------------------------- >--------------------------------------> >If I have seen further it is by standing on the shoulders of giants. >---------------------------------------------------------- >---------------------------------------------> >front...@gmail.com >--------------------------------------------------------------------------------------------->
