Warning: Safari

WebKit-based browsers on macOS (Safari) and iOS (Safari, Chrome, Firefox, etc.) are currently affected by a bug that treats SameSite=None or SameSite=nonesense cookies as SameSite=Strict (https://bugs.webkit.org/show_bug.cgi?id=198181). We believe the fix for this will only take effect from macOS 10.15 and iOS 13. Consequently, any attempt to maintain the current functional behaviour of cookies by setting SameSite=None on unpatched versions of WebKit will break SSO. WE ARE CURRENTLY TESTING THIS, SO THIS MESSAGE MAY CHANGE.

Implementation

Following on from IdP SameSite Testing, here we describe a new Servlet Filter (SameSiteSessionCookieFilter) for appending the same-site cookie flag to specified cookies. The SameSiteSessionCookieFilter wraps the HttpResponse with a SameSiteResponseProxy proxy. The proxy overrides the getWriter, sendError, getOutputStream, and sendRedirect Response methods such that any attempt from a Servlet to commit a response back to the client invokes the 'append same site attribute' logic over the current set of Set-Cookie headers.
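The wrapping approach described above, sketched as an added example; it is not the IdP's own SameSiteResponseProxy code. The class name SameSiteAppendingResponse, the constructor parameters and the rewrite helper are hypothetical, and it assumes the Servlet 3.0+ API (javax.servlet) is on the classpath.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Illustrative wrapper (hypothetical name), not the IdP's SameSiteResponseProxy. */
public class SameSiteAppendingResponse extends HttpServletResponseWrapper {
    private final Set<String> cookieNames; // cookies to tag (assumed configuration)
    private final String sameSiteValue;    // e.g. "None" (assumed configuration)

    public SameSiteAppendingResponse(HttpServletResponse resp, Set<String> names, String value) {
        super(resp);
        this.cookieNames = names;
        this.sameSiteValue = value;
    }

    /** Adds SameSite to one Set-Cookie value if it names a target cookie and has no SameSite yet. */
    static String rewrite(String header, Set<String> names, String value) {
        int eq = header.indexOf('=');
        if (eq < 0 || !names.contains(header.substring(0, eq).trim())) return header;
        String[] parts = header.split(";");
        for (int i = 1; i < parts.length; i++) { // index 0 is name=value, not an attribute
            if (parts[i].trim().regionMatches(true, 0, "samesite", 0, 8)) return header;
        }
        return header + "; SameSite=" + value;
    }

    /** Rewrites all Set-Cookie headers; only possible while the response is uncommitted. */
    private void appendSameSite() {
        if (isCommitted()) return;
        List<String> current = new ArrayList<>(getHeaders("Set-Cookie"));
        boolean first = true;
        for (String h : current) {
            String updated = rewrite(h, cookieNames, sameSiteValue);
            if (first) { setHeader("Set-Cookie", updated); first = false; } // clears old values
            else { addHeader("Set-Cookie", updated); }
        }
    }

    // Every path by which a servlet can commit the response runs the rewrite first.
    @Override public PrintWriter getWriter() throws IOException { appendSameSite(); return super.getWriter(); }
    @Override public ServletOutputStream getOutputStream() throws IOException { appendSameSite(); return super.getOutputStream(); }
    @Override public void sendError(int sc) throws IOException { appendSameSite(); super.sendError(sc); }
    @Override public void sendError(int sc, String msg) throws IOException { appendSameSite(); super.sendError(sc, msg); }
    @Override public void sendRedirect(String location) throws IOException { appendSameSite(); super.sendRedirect(location); }
}
```

The rewrite is idempotent, so repeated calls to getWriter or getOutputStream do not append the attribute twice. Browsers that enforce the newer SameSite rules reject SameSite=None cookies that lack Secure, so the targeted cookies should already carry that attribute.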

...