Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-793

deleteMe cookie should use the defined "sameSite"

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Resolved
    • Affects Version/s: None
    • Fix Version/s: 1.7.0, 2.0.0
    • Component/s: None
    • Labels:
      None

      Description

      With Chrome increasing security of cookies not defining any SameSite options, the deleteMe cookie may be blocked by Chrome under some circumstances.
      For example, when an app is used within a cross-site iframe, one must defined the option SameSite=None option. This works for the main cookie, but the deleteMe is currently blocked. This commit fixes this.

       

      https://github.com/apache/shiro/pull/257

        Attachments

          Issue Links

          links to

          Web Link GitHub Pull Request #257

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                bdemers Brian Demers
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m