Unable to Add SameSite Cookie Attribute Value in Jetty 12 EE8 environment with Java 17 #12241
Comments
|
My answer is still the same as per the jetty mailing list, which I'm reproducing here for anyone else following:
If you are seeing a Also, as per Simone's response to you on the mailing list, commercial timescale support is available from Webtide at www.webtide.com |
|
Thanks Jan Bartel for the reply, I have identified the SessionHandler class in the following packages in Jetty 12: org.eclipse.jetty.session.SessionHandler To obtain the org/eclipse/jetty/session/SessionHandler, I have added the jetty-session-12.0.8.jar to my classpath. Additionally, to test the org/eclipse/jetty/ee8/nested/SessionHandler, I have included the jetty-ee8-nested-12.0.8.jar in my classpath. Below is the content of my jetty.xml file: After adding these JARs to the classpath, I encounter a NoSuchMethodException. This is because the value being passed to the setSameSite Method is a String, and no method exists that accepts a String argument. |
|
You can just convert the string to the correspondent enum constant: <New id="SessionHandler" class="org.eclipse.jetty.ee8.nested.SessionHandler">
<Set name="sameSite">
<Call class="org.eclipse.jetty.http.HttpCookie$SameSite" name="from">
<Arg>Lax</Arg>
</Call>
</Set>
</New>I did not actually try, but you get the idea -- it's just Java code in XML format. |
|
@sbordet the original <session-config>
<cookie-config>
<http-only>true</http-only>
<comment>__SAME_SITE_STRICT__</comment>
</cookie-config>
</session-config>That is supported on ee8 / ee9 and should work as-is. |
|
@joakime hhmmm, looks like supporting same-site via comment might be broken in ee8/9. Let me look into it further. For now, the canonical way to set it as per @sbordet suggestion: <New id="SessionHandler" class="org.eclipse.jetty.ee8.nested.SessionHandler">
<Set name="sameSite">
<Call class="org.eclipse.jetty.http.HttpCookie$SameSite" name="from">
<Arg>Lax</Arg>
</Call>
</Set>
</New> |
|
Re-added SameSite cookie setting via comment in ee8/9. |
|
Thank you for re-adding the SameSite cookie setting via comment in EE8/9. This change is incredibly helpful and greatly appreciated! |
Jetty Version : 12
Jetty Environment : ee8
Java Version : 17
Question : Unable to Add SameSite Cookie Attribute Value in Jetty 12 EE8 environment with Java 17
Our application was able to configure the SameSite cookie attribute value through web.xml when using Jetty 9:
However, after migrating to Jetty 12, using EE8 environment this configuration no longer works through web.xml. It appears that this method of configuration has been removed in Jetty 12. In jetty documentation does not found valid alternative for this setup.
I attempted to set the SameSite value using SessionHandler in jetty.xml, but was unable to pass a String value to the setSameSite method. I tried the following configuration:
This resulted in the following error:
java.lang.NoSuchMethodException: class org.eclipse.jetty.session.SessionHandler.setSameSite(class java.lang.String). Found setters for org.eclipse.jetty.http.HttpCookie$SameSite
Our application uses the following setup:
Java 17
Jetty 12 as the server
Using EE8 environment
Servlet API version 2.5
Since our application relies on legacy code, we cannot upgrade to a newer version of the Servlet API.
The text was updated successfully, but these errors were encountered: