如何在Tomcat的Cookie处理器中设置SameSite Cookie? [英] How to set SameSite Cookie in Tomcat's Cookie Processor?

问题描述

Tomcat的context.xml定义CookieProcessor (默认的LegacyCookieProcessor)

Tomcat's context.xml defines CookieProcessor (default LegacyCookieProcessor)

https://tomcat.apache.org/tomcat -9.0-doc/config/cookie-processor.html

我正在尝试添加cookie处理器上显示的属性，但这似乎不起作用

I'm trying to add attribute(s) shown on cookie processor, however that doesn't seems to be working

我没有看到设置了sameSite属性的Tomcat响应标头cookie

I don't see Tomcat's response header cookie with sameSite attribute being set

推荐答案

在您的Web应用程序中，在META-INF文件夹内创建一个context.xml文件，并在其中添加

In your web application, inside the META-INF folder create a context.xml file with this inside.

<Context>
   <CookieProcessor sameSiteCookies="strict" />
</Context>

如果您已经有一个context.xml文件，则只需添加CookieProcessor元素.

If you already have a context.xml file, you just need to add the CookieProcessor element.

从Tomcat 9.0.21和8.5.42开始，这种行为是可能的.

This behavior is possible since Tomcat 9.0.21 and 8.5.42.

于2019年5月20日以请求请求合并到Tomcat主机中 162

Merged into Tomcat master on 20th of May 2019 with pull request 162

这篇关于如何在Tomcat的Cookie处理器中设置SameSite Cookie?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！