Skip to Content
1
Jan 31, 2020 at 05:25 AM

Is there any way to setup JSESSIONID to SameSite=None in Tomcat7.0.82?

13495 Views Last edit Jan 31, 2020 at 02:04 PM 3 rev

Hi all.

We heard that new chrome browser(ver8.0) will be released on Feb 4.

We download Chrome beta and tested our site and found some problem.

User lost hybris JSESSIONID cookie when user returned from the third party site.

New chrome's default cookie policy is SameSite=Lax, not SameSite=None.

So we have to setup JSESSIONID cookie to SameSite=NONE.

Our current Hybris verison is 6.6 and bundled tomcat version is 7.0.82.

Is there any way to setup JSESSIONID to SameSite=None in Tomcat7.0.82?

(I found below link, but it works on over tomcat 8.5.42 only)

https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor

update : I refered below url and added some code to hybris.

https://stackoverflow.com/questions/49697449/how-to-enable-samesite-for-jsessionid-cookie

That made JSESSIONID cookie to SameSite=None successfully in local environment.

But when I applied it to AWS server nothing changed.

How to change JSESSIONID to SameSite=None?

Thanks in advance.