ninjaframework / ninja

Ninja is a full stack web framework for Java. Rock solid, fast and super productive.
http://www.ninjaframework.org
Apache License 2.0

Support for setting SameSite attribute explicitly via application.conf #690

Open ghost opened 3 years ago

ghost commented 3 years ago

Cookie prefix, session expiry etc. can all be set via application.conf, but I haven't been able to set the SameSite attribute thus far.

Has anybody else?

Is it documented anywhere?

hugogoncalves commented 3 years ago

Simply said, the SameSite attribute is not part of Servlet API 3.1, so we have no support. I lost maybe 2 days looking for a solution. It looks like we can try to use a more recent version of Jetty and set the cookie comment attribute: `cookieHttp.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);` This is a little fishy. https://wiki.shibboleth.net/confluence/display/DEV/Tomcat+and+Jetty+SameSite+Workarounds

I have not tried this solution. I have made some attempts with filters.
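An added example, not code from this thread or from Ninja: a JDK-only helper that rewrites a `Set-Cookie` header value so it carries exactly one `SameSite` attribute, which a response wrapper in a servlet filter could call on each `Set-Cookie` header. The class name, the `Mode` enum and the sample cookie names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Hypothetical helper (not part of Ninja or the Servlet API). */
public final class SameSiteHeaderRewriter {

    public enum Mode {
        STRICT("Strict"), LAX("Lax"), NONE("None");
        final String token;
        Mode(String token) { this.token = token; }
    }

    /** Returns the Set-Cookie value with exactly one SameSite attribute set to mode. */
    public static String apply(String setCookieValue, Mode mode) {
        List<String> kept = new ArrayList<>();
        boolean secure = false;
        for (String part : setCookieValue.split(";")) {
            String attr = part.trim();
            if (attr.isEmpty()) continue;
            // Attribute name only, so "SameSite = Lax" and "samesite=lax" both match.
            String name = attr.split("=", 2)[0].trim().toLowerCase(Locale.ROOT);
            // The first element is the cookie's own name=value pair; never drop it.
            boolean isAttribute = !kept.isEmpty();
            // Drop any existing SameSite so the result never carries two values.
            if (isAttribute && name.equals("samesite")) continue;
            if (isAttribute && name.equals("secure")) secure = true;
            kept.add(attr);
        }
        if (kept.isEmpty()) return setCookieValue; // nothing to rewrite
        kept.add("SameSite=" + mode.token);
        // Browsers reject SameSite=None cookies that are not also marked Secure.
        if (mode == Mode.NONE && !secure) kept.add("Secure");
        return String.join("; ", kept);
    }

    public static void main(String[] args) {
        // Constructed sample headers, not output from a real application.
        String[] samples = {
            "APP_SESSION=abc123; Path=/; HttpOnly",
            "APP_SESSION=abc123; Path=/; Secure; SameSite=Lax",
            "APP_FLASH=msg; Path=/; samesite = strict"
        };
        for (String s : samples) {
            System.out.println(apply(s, Mode.NONE));
        }
    }
}
```

Adding `Secure` only makes sense when the application is served over HTTPS; on a plain-HTTP deployment, `Mode.LAX` or `Mode.STRICT` is the workable setting.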