问题
Tomcat's context.xml defines CookieProcessor (default LegacyCookieProcessor)
https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html
I'm trying to add attribute(s) shown on cookie processor, however that doesn't seems to be working
I don't see Tomcat's response header cookie with sameSite attribute being set
回答1:
In your web application, inside the META-INF folder create a context.xml file with this inside.
<Context>
<CookieProcessor sameSiteCookies="strict" />
</Context>
If you already have a context.xml file, you just need to add the CookieProcessor element.
This behavior is possible since Tomcat 9.0.21 and 8.5.42.
Merged into Tomcat master on 20th of May 2019 with pull request 162
回答2:
Found answer to this :
- edit tomcat/conf/context.xml
- update CookieProcessor element on following lines say for setting SameSiteCookies in HTTP response headers's set-cookie.
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" sameSiteCookies="strict" />
来源:https://stackoverflow.com/questions/57505939/how-to-set-samesite-cookie-in-tomcats-cookie-processor