[SHIRO-793] deleteMe cookie should use the defined "sameSite" - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Resolved
Affects Version/s: None
Fix Version/s: 1.7.0, 2.0.0-alpha
Component/s: None
Labels:
None

Description

With Chrome increasing security of cookies not defining any SameSite options, the deleteMe cookie may be blocked by Chrome under some circumstances.
For example, when an app is used within a cross-site iframe, one must defined the option SameSite=None option. This works for the main cookie, but the deleteMe is currently blocked. This commit fixes this.

https://github.com/apache/shiro/pull/257

Attachments

Issue Links

links to

GitHub Pull Request #257

Activity

People

Assignee:: Unassigned

Reporter:: Brian Demers

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Oct/20 14:56

Updated:: 17/Oct/20 14:58

Resolved:: 17/Oct/20 14:58

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m