edicl/hunchentoot

SameSite cookie attribute?

Closed this issue · 2 comments

I've been noticing in the Mozilla developer tools the following warning for some time.

"Cookie “hunchentoot-session” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite botnets."

Digging into hunchentoot's SET-COOKIE functions, there doesn't appear to be a way to introduce this attribute without modifying the COOKIE class. Am I missing something? What I would like to be able to do is set a default attribute value of "Strict".

It looks like eventually this is going to be a problem.

Thanks.

-- Jeff Cunningham

I just noticed this is the same as issue #198. Sorry.

Duplicate issue.