tiredofit / docker-lemonldap

Dockerized authentication server with Single Sign On SAML, OpenID Connect, CAS, and Header support
MIT License

Cookies management with Chrome #12

Closed nanobapt closed 4 years ago

nanobapt commented 4 years ago

As seen on the LemonLDAP user mailing list, cookies need to be updated for multiple domain support.

The solution is to upgrade to 2.0.9. Is it possible to upgrade to that version?

Thanks,

Baptiste

tiredofit commented 4 years ago

Sounds very related to the Chrome SameSite issues that we're seeing all over the internet. The image should be at 2.0.9 already. You can verify by heading to the manager and looking in the top right hand corner where your username is; there should be a version number. Let me know.

nanobapt commented 4 years ago

Version of LemonLDAP is 2.0.9. Version of configuration is 2.0.8; does it impact anything? Still the same issue...

tiredofit commented 4 years ago

It very well might. We went through something similar in our organization last week when we moved up to 2.0.9 (we are seeing some issues with performance/handlers running away with too much memory, but I don't have enough info to say it's related) and just for safe measure we made a small configuration change to bump it up to 2.0.9. There may be a change in the config file that fixes this, but from what I could see on the list it was code related.

However, after upgrading the config to 2.0.9, if you are still experiencing the problems, let's take a peek at your Chrome console; it will output the error pretty quickly. I'm wondering if you also have some CSP settings set that may need to be modified.

j-ledoux commented 4 years ago

You should check the LLNG upgrade notes, they help a lot: https://lemonldap-ng.org/documentation/2.0/upgrade.html

There are a few breaking changes in this version, such as LDAP certificate verification by default.

@nanobapt Regarding your specific issue, a new config parameter was added in 2.0.8 called sameSite. Here is an extract of the release notes:

Cookie SameSite value: to avoid problems with recent browsers and SAML POST binding, LLNG cookies are now tagged as "SameSite=None". You can change this value using the manager; "SameSite=Lax" is best for installations without federations. Important note: if you're using an unsecured connection (http:// instead of https://), "SameSite=None" will be ignored by browsers and users that already have a valid session might be prompted to login again.

Hope this helps

nanobapt commented 4 years ago

OK, my cookie was set to insecure. Now everything is back to normal :) @j-ledoux thanks for the advice! I'll do it on a later release ;)