How to enable samesite for jsessionid cookie

时光说笑 2020-12-15 21:32

How can I enable SameSite for my web application, which runs on WildFly AS? I checked standalone.xml, however could not find an appropriate tag within



        
4 Answers
  •  情歌与酒
    2020-12-15 22:01

    One workaround is to hack the SameSite setting into the cookie by using another attribute (e.g. comment):

    
        
        
        
    
    

    But because Undertow quotes the comment (and other) values when using version 0 or version 1 cookies, JBoss/WildFly needs to be running with the io.undertow.cookie.DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION system property set to true:

     ./bin/standalone.sh -Dio.undertow.cookie.DEFAULT_ENABLE_RFC6265_COOKIE_VALIDATION=true
    

    This will give you the desired result:

    This approach is obviously hacky, and relies entirely on Undertow implementation details, so I'd recommend configuring on the web server or load balancer level instead.
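
A way to check the result, as an added example that is not part of the original answer: it parses a `Set-Cookie` header the way RFC 6265 user agents do (splitting on `;` without honouring quotes), so a SameSite value that ended up inside a quoted comment is reported as unrecognized. The sample headers are constructed, and their exact shape is an assumption about what the server emits.

```python
# Added example: audit the session cookie's SameSite attribute as a browser
# would see it. RFC 6265 section 5.2 splits attributes on ';' with no quote
# handling, so a quoted Comment="; SameSite=None" yields the value 'None"'.
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Return (name, value, attrs) using the RFC 6265 user-agent algorithm."""
    name_value, _, rest = header.partition(";")
    name, _, value = name_value.partition("=")
    attrs = {}
    for part in rest.split(";"):
        key, _, val = part.partition("=")
        key = key.strip().lower()
        if key:
            attrs[key] = val.strip()  # a later duplicate overrides an earlier one
    return name.strip(), value.strip(), attrs

def audit_session_cookie(header, cookie_name="JSESSIONID"):
    """Return a list of findings; an empty list means SameSite is usable."""
    name, _, attrs = parse_set_cookie(header)
    if name != cookie_name:
        return []
    samesite = attrs.get("samesite")
    if samesite is None:
        return ["no SameSite attribute"]
    if samesite.lower() not in VALID_SAMESITE:
        return [f"unrecognized SameSite value {samesite!r}"]
    if samesite.lower() == "none" and "secure" not in attrs:
        return ["SameSite=None without Secure"]
    return []

# Constructed sample headers (assumed shapes, not captured from a real server).
SAMPLES = [
    'JSESSIONID=abc123; path=/app; Comment="; SameSite=None"',        # quoted
    "JSESSIONID=abc123; path=/app; secure; Comment=; SameSite=None",  # unquoted
    "JSESSIONID=abc123; path=/app; Comment=; SameSite=None",          # no Secure
    "JSESSIONID=abc123; path=/app; HttpOnly",                         # unset
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_session_cookie(sample) or "ok", "<-", sample)
```

Feed it the `Set-Cookie` values from a response to the application, both before and after the system property is set.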
