Versions Compared

Old Version 33

changes.mady.by.user Former user

Saved on

compared with

New Version 34

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning
titleSafari

Webkit based browsers on Mac (safari) and iOS (safair, chome, firefox etc)  are currently affected by a bug that treats SameSite=None or SameSite=nonesense cookies as SameSite=Strict (https://bugs.webkit.org/show_bug.cgi?id=198181). We believe the fix for this will only take affect from MacOS 10.15 and iOS 13. Consequently, any attempt to maintain the current functional behaviour of cookies by setting SameSite=None on unfixed versions of Webkit will break SSO. WE ARE CURRENTLY TESTING THIS, SO THIS MESSAGE MAY CHANGE. 

Implementation

Following on from IdP SameSite Testing, here we describe a new Servlet Filter (SameSiteSessionCookieFilter) for appending the same-site cookie flag to specified cookies. The SameSiteSessionCookieFilter wraps the HttpResponse with a SameSiteResponseProxy proxy. The proxy overrides the getWriter, sendError, getOutputStream, and sendRedirect Response methods such that any attempt from a Servlet to commit a response back to the client invokes the 'append same site attribute' logic over the current set of Set-Cookie headers.

...