Is your feature request related to a problem? Please describe.
Currently browsers block cookies cross domain if the flag samesite=none and secure are not set. For that reason, we loose the authentication sate.
Describe the solution you'd like
Class: jakarta.servlet.http.Cookie
Add accessor String getSameSite() and void setSameSite(String) to allow setting the flag
web.xml
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
<same-site>none</same-site>
</cookie-config>
Describe alternatives you've considered
- Use a servlet filter to use Set-Cookie headers to bypass the servlet api limitations
- Intercept responses on a proxy and rewrite the Set-Cookie headers
-> this is non-standard and should not be done in my opinion
Is your feature request related to a problem? Please describe.
Currently browsers block cookies cross domain if the flag samesite=none and secure are not set. For that reason, we loose the authentication sate.
Describe the solution you'd like
Class: jakarta.servlet.http.Cookie
Add accessor String getSameSite() and void setSameSite(String) to allow setting the flag
web.xml
Describe alternatives you've considered
-> this is non-standard and should not be done in my opinion