Support for SameSite attribute in Set-Cookie header is needed #10384
Labels
bug
This bug is not present in a released version of Open Liberty
in:Transport
release bug
This bug is present in a released version of Open Liberty
release:20002
team:Sirius
With the upcoming stable version of Chrome 80, Chrome will treat cookies as SameSite=Lax by default if no SameSite attribute is specified.
More information can be found here:
https://www.chromestatus.com/feature/5088147346030592
Setting the cookie's SameSite option in application code by adding the "set-cookie" header can result in two separate cookies, instead of the SameSite attribute reconized as an attribute to the current cookie.
For instance, an expected HTTP header in the response using SameSite should read as:
Set-Cookie: sid=noS6xWtH3tdF6eLjQVngvqk; HttpOnly; Secure; SameSite=None
However, it could be split as:
Set-Cookie: sid=noS6xWtH3tdF6eLjQVngvqk; Secure; HttpOnly
Set-Cookie: SameSite=None
The text was updated successfully, but these errors were encountered: