Allow to change session_state cookie's "SameState" attribute

JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO

https://docs.jans.io

Apache License 2.0

459 stars 73 forks source link

Allow to change session_state cookie's "SameState" attribute #366

Open martynaslawinska opened 3 years ago

martynaslawinska commented 3 years ago

mzico commented on Mar 23, 2020 There should be an option to modify "SameSite" attribute of session_state cookie. This will allow organization to modify their Gluu Server's cookie settings according to their own need.

Milton-Ch commented 2 years ago

If I understand correctly, idea here is to add a new json property to switch on/off "SameSite" config for session_state cookie. New json property could be called something like: sameSiteSessionStateCookie and could accept values: Lax, Strict, None or null.

yuriyz commented 2 years ago

Yes, correct. If not set then current behavior.