Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

SameSite Cookie for Java

 
Ranch Hand
Posts: 255
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

We are using Servlet Cookie API to set the Cookie , i want to support the SameSite Cookie for Chrome browser version 80, Servlet Cookie API doesn't support SameSite and Secure attributes. Is there a possibility to create a Custom Cookie to set the SameSite attribute in java/servlet code ? If so there are any examples available ? Please let know how we can set the SameSite attribute in Java servlet code?

Cookie cookie = ServletUtil.createCookie(“Cookie Name”);
           cookie.setDomain(“test);
           cookie.setMaxAge(60 * 60 * 24 * 60);
           cookie.setPath("/");
           pResponse.addCookie(cookie);



Thanks
 
Saloon Keeper
Posts: 7233
169
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, that's pretty much how you would do it. I'm guessing there is a spec somewhere that defines how and when it should be set, probably https://tools.ietf.org/id/draft-ietf-httpbis-rfc6265bis-03.html#rfc.section.5.3.7. https://stackoverflow.com/questions/42717210/samesite-cookie-in-java-application seems relevant as well.
 
Rithanya Laxmi
Ranch Hand
Posts: 255
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim, rather than making these changes from Java code, whether there is a way to detect the SameSite Cookie flags (chrome://flags – 3 of them which are enabled by default in Chrome version 80) set in the user Chrome browser version 80 to see it is enabled through Java script/Java ?  and if  these flags are “enabled” “disable” the flags through the javascript/java. Any API to detect these SameSite cookie flags which are internal to Chrome version 80 browser TO HANDLE THIS OPERATION?
 
Rithanya Laxmi
Ranch Hand
Posts: 255
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Experts,

Any update to handle this
 
Tim Moores
Saloon Keeper
Posts: 7233
169
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The API is the servlet cookie API as I pointed out earlier. You would do this using Java on the server. Javascript in the browser has nothing to do with it. (You might use it to read the attribute, though.)
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic