Rocket Modern Experience (formerly LegaSuite)

  • 1.  Setting SameSite attribute

    PARTNER
    Posted 09-22-2020 11:04
    Does anyone know how to set SameSite = "Strict" on the JSESSIONID cookie in Tomcat 9_0_13?  Thanks





    ------------------------------
    Peter Cheng
    E2open
    ------------------------------


  • 2.  RE: Setting SameSite attribute

    ROCKETEER
    Posted 10-16-2020 12:12
    Hi Peter,

    I know that it is possible to modify the context.xml for Tomcat for SameSite Cookies.
    I am investigating this further.

    Thanks, Sarah

    ------------------------------
    Sarah Gerards-Gilbert
    Rocket Software
    ------------------------------



  • 3.  RE: Setting SameSite attribute

    ROCKETEER
    Posted 10-29-2020 17:58
    Hi Peter,

    I have been investigating and have not been able to find the solution for this for Tomcat 9.0.13.
    It looks like the functionality for setting the samesite cookies is available from Tomcat 9.0.21 and higher, however.
    In this version you can generate a context.xml file, which should be saved to the webapps/<appname>/META-INF folder.  I have attached an example.

    Please let me know if you have any additional questions.

    Thanks, Sarah

    ------------------------------
    Sarah Gerards-Gilbert
    Rocket Software
    ------------------------------

    Attachment(s): context.xml (xml, 108 B, 1 version)


  • 4.  RE: Setting SameSite attribute

    PARTNER
    Posted 11-04-2020 14:58
    Hi Sarah,

    That's exactly what I have in my Context.xml; this file was manually created, not generated.

    Does it work for you on "Tomcat 9.0.13"?

    ------------------------------
    Peter Cheng
    E2open
    ------------------------------



  • 5.  RE: Setting SameSite attribute

    ROCKETEER
    Posted 11-04-2020 16:58
    Hi Peter,

    I manually created (generated was a poor choice of words) the context.xml too.  I tried it on 9.0.37, where it worked, and 9.0.13, where it was ignored.
    As far as I can currently determine, a global same-site cookie setting in the default Rfc6265CookieProcessor was introduced in Tomcat 9.0.21 and backported to Tomcat 8.5.41.  It's not available in 9.0.13.
    There may be options for securing the samesite cookie in Apache Web Server and using it in front of Tomcat.  I believe there are a number of articles online for doing this.  Or an alternative may be to upgrade your version of Tomcat, when this is a viable option.

    Thanks, Sarah


    ------------------------------
    Sarah Gerards-Gilbert
    Rocket Software
    ------------------------------
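
Added example, not part of the original thread and not Rocket's or Tomcat's own code: a Python check for the situation described in posts 3 to 5, where a context.xml is silently ignored on an older Tomcat. It applies the version thresholds quoted in post 5 and audits a Set-Cookie header value for the SameSite attribute on JSESSIONID; the function names and the sample headers are constructed for illustration.

```python
# Added example: confirm the SameSite setting actually reached JSESSIONID.
import re

# Minimum patch level per release line, as stated in the thread (post 5).
MIN_PATCH = {(9, 0): 21, (8, 5): 41}


def supports_samesite(version: str) -> bool:
    """True if this 8.5.x / 9.0.x release has the global same-site setting."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) not in MIN_PATCH:
        raise ValueError("the thread only covers the 8.5.x and 9.0.x lines")
    return patch >= MIN_PATCH[(major, minor)]


def audit_set_cookie(header: str, name: str = "JSESSIONID") -> dict:
    """Parse one Set-Cookie header value and report the named cookie's flags."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or parts[0].partition("=")[0] != name:
        return {"found": False}
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    samesite = attrs.get("samesite")
    return {
        "found": True,
        # None means the attribute is absent, i.e. the setting was ignored.
        "samesite": samesite.lower() if samesite else None,
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
    }


# Constructed sample headers (not captured from a real server).
IGNORED = "JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly"
APPLIED = "JSESSIONID=0123456789ABCDEF; Path=/app; Secure; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for ver, hdr in (("9.0.13", IGNORED), ("9.0.37", APPLIED)):
        print(ver, supports_samesite(ver), audit_set_cookie(hdr))
```

A `samesite` value of `None` on a version where `supports_samesite` returns `True` points at the context.xml not being picked up rather than at a missing feature.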



  • 6.  RE: Setting SameSite attribute

    PARTNER
    Posted 09-20-2021 10:31
    Hi Sarah,

    We are looking to upgrade the Tomcat server for LegaSuite.  Does Rocket have a version that it recommends? I am still on LegaSuite 8.5.1.

    Thanks

    Peter

    ------------------------------
    Peter Cheng
    Advisory Information Engineering
    Amber Road Inc
    Parsippany NJ United States
    ------------------------------



  • 7.  RE: Setting SameSite attribute

    ROCKETEER
    Posted 09-20-2021 10:49
    Hi Peter,

    For LegaSuite 8.5.1, I would use the latest Tomcat 9 version, which is: 9.0.53.
    Please let me know if you have further questions regarding this.

    Thanks, Sarah


    ------------------------------
    Sarah Gerards-Gilbert
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------