Update SameSite filter to use the new Servlet 6.0 API for cookie attributes
Basics
Logistics
Basics
Logistics
Description
Jakarta Servlet 6.0 supports generic cookie attributes. The SameSite filter uses string formatting to append the SameSite attribute. This could be changed to use the new APIs.
This would then require the container to support servlet spec 6.0 and hence will not be implemented until the IdP requires it.
Environment
None
Activity
Scott Cantor
December 7, 2023 at 3:55 PM
Just noting for posterity, our official support level was IIRC Servlet 5.0, so this is probably a “for IdP 6” thing I guess. Our system requirements page neglects to state the servlet requirement outright, so need to validate my understanding of that.
Jakarta Servlet 6.0 supports generic cookie attributes. The SameSite filter uses string formatting to append the SameSite attribute. This could be changed to use the new APIs.
This would then require the container to support servlet spec 6.0 and hence will not be implemented until the IdP requires it.