Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-793

deleteMe cookie should use the defined "sameSite"

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Resolved
    • None
    • 1.7.0, 2.0.0-alpha
    • None
    • None

    Description

      With Chrome increasing security of cookies not defining any SameSite options, the deleteMe cookie may be blocked by Chrome under some circumstances.
      For example, when an app is used within a cross-site iframe, one must defined the option SameSite=None option. This works for the main cookie, but the deleteMe is currently blocked. This commit fixes this.

       

      https://github.com/apache/shiro/pull/257

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            bdemers Brian Demers
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Slack

                  Issue deployment