Does anyone know how to set SameSite = "Strict" on the JSESSIONID cookie in Tomcat 9_0_13? Thanks

------------------------------
Peter Cheng
E2open
------------------------------
Hi Peter,

I know that it is possible to modify the context.xml for Tomcat for SameSite Cookies.
I am investigating this further.

Thanks, Sarah

------------------------------
Sarah Gerards-Gilbert
Rocket Software
------------------------------
Hi Peter,

I have been investigating and have not been able to find the solution for this for Tomcat 9.0.13.
It looks like the functionality for setting the samesite cookies is available from Tomcat 9.0.21 and higher, however.
In this version you can generate a context.xml file, which should be saved to the webapps/<appname>/META-INF folder.  I have attached an example.

Please let me know if you have any additional questions.

Thanks, Sarah

------------------------------
Sarah Gerards-Gilbert
Rocket Software
------------------------------
Hi Sarah,

That's exactly what I have on my Context.xml; this file was manually created, not generated.

Does it work for you on "Tomcat 9.0.13"?

------------------------------
Peter Cheng
E2open
------------------------------
Hi Peter,

I manually created (generated was a poor choice of words) the context.xml too.  I tried it on 9.0.37, where it worked, and 9.0.13, where it was ignored.
As far as I can currently determine, a global same-site cookie setting in the default Rfc6265CookieProcessor was introduced in Tomcat 9.0.21 and backported to Tomcat 8.5.41.  It's not available in 9.0.13.
There may be options for securing the samesite cookie in Apache Web Server and using it in front of Tomcat.  I believe there are a number of articles online for doing this.  Or an alternative may be to upgrade your version of Tomcat, when this is a viable option.

Thanks, Sarah


------------------------------
Sarah Gerards-Gilbert
Rocket Software
------------------------------
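
Added example, not part of any post in this thread and not Rocket's or Tomcat's own code: because an unsupported Tomcat version silently ignores the context.xml setting, a quick check of the `Set-Cookie` headers confirms whether JSESSIONID actually carries `SameSite`. The header lines below are constructed samples, and the helper names are hypothetical.

```python
import re

# Constructed sample responses (not captured from a real server).
# The context.xml setting under test is Tomcat's documented attribute:
#   <Context><CookieProcessor sameSiteCookies="strict" /></Context>
HEADERS_9_0_13 = [
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly",
]
HEADERS_9_0_37 = [
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly; SameSite=Strict",
    "Set-Cookie: theme=dark; Path=/app",
]

MIN_9X = (9, 0, 21)  # first 9.0.x release with the setting, per the thread


def parse_set_cookie(line):
    """Split one Set-Cookie header into (name, {attribute: value})."""
    field, _, value = line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()  # flag attributes map to ""
    return name, attrs


def session_samesite(header_lines, cookie="JSESSIONID"):
    """Return the SameSite value of the session cookie, or None if absent."""
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed and parsed[0] == cookie:
            return parsed[1].get("samesite")
    return None


def supports_setting(version):
    """True if a 9.0.x version string is at or above 9.0.21."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return nums[:2] == (9, 0) and nums >= MIN_9X


if __name__ == "__main__":
    for ver, hdrs in (("9.0.13", HEADERS_9_0_13), ("9.0.37", HEADERS_9_0_37)):
        print(ver, supports_setting(ver), session_samesite(hdrs))
```

To use it against a real deployment, feed it the response header lines saved from a request that creates a new session.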
Hi Sarah,

We are looking to upgrade the Tomcat server for LegaSuite.  Does Rocket have a version that it recommends? I am still on LegaSuite 8.5.1.

Thanks

Peter

------------------------------
Peter Cheng
Advisory Information Engineering
Amber Road Inc
Parsippany NJ United States
------------------------------
Hi Peter,

For LegaSuite 8.5.1, I would use the latest Tomcat 9 version, which is: 9.0.53.
Please let me know if you have further questions regarding this.

Thanks, Sarah


------------------------------
Sarah Gerards-Gilbert
Principal Technical Support Engineer
Rocket Software
------------------------------