Add SameSite Property to JBoss AS7.1 Application

Asked Jan 14 '19 at 11:28

Active Jan 14 '19 at 16:12

Viewed 1,704 times

I have an JBoss AS7.1 web application. I want to make it more secure, so i added some attributes to my web.xml.

<session-config>
    <session-timeout>120</session-timeout>
    <cookie-config>
        <domain>example.com</domain>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>

This ended up with:

Now i want to check the "SameSite" attribute. I tried to create a servlet filter, where i set the header of my "Set-Cookie" attribute, as described under How to set SameSite attribute? but it did not work.

Anybody knows, how to add the "SameSite" attribute to an JSF web application running on JBoss AS7.1?

edited Jan 14 '19 at 16:12

Kukeltje

12,085
4
21
46

asked Jan 14 '19 at 11:28

Anton Styopin

Did you get it working in an almost empty web project without jsf but with a simple jsp? – Kukeltje Jan 14 '19 at 12:48
Haven't tried it. – Anton Styopin Jan 14 '19 at 12:54
please so. If that does not work either, the question is not jsf related and you have narrowed it down – Kukeltje Jan 14 '19 at 14:33
I tried it! It is NOT working. Why is the question not jsf related? – Anton Styopin Jan 14 '19 at 15:03
99.9% percent of the things you configure in web.xml are not related to jsf but basic (java) web development. If it fails in the simple non-jsf application you tried, you have proof it is not jsf related – Kukeltje Jan 14 '19 at 16:11
Well ok but the "sameSite" attribute IS NOT configurable in the web.xml. So i think there has to be a way to implement it somehow in a jsf related environment. – Anton Styopin Jan 15 '19 at 07:32
No to a java web environment – Kukeltje Jan 15 '19 at 07:51

Add SameSite Property to JBoss AS7.1 Application

0 Answers0