Fixes are available
APAR status
Closed as program error.
Error description
unable to set samesite cookie option with response.addHeader
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * * **************************************************************** * PROBLEM DESCRIPTION: Unable to set the SameSite * * cookie attribute when using the * * HttpServletResponse.set/addHeader API * **************************************************************** * RECOMMENDATION: * **************************************************************** The SameSite cookie attribute is not currently supported by the IBM WebSphere Application Server. This leads the HTTP channel to not recognize the attribute as valid, which might result in the creation of a new Set-Cookie header, with the name of SameSite, when the attribute is set into Set-Cookie headers or existing cookies.
Problem conclusion
The HTTP channel code was changed to recognize the SameSite cookie attribute as a valid cookie attribute for cookies set by applications with HttpServletResponse.set/addHeader APIs. Please follow the SameSite RFE to be updated on changes to SameSite handling cookies set directly by the Application Server: https://www.ibm.com/developerworks/rfe/execute? use_case=viewRfe&CR_ID=119022 The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.18, 9.0.5.4, and Liberty 20.0.0.2. The Git issue for Open Liberty can be found here: https://github.com/OpenLiberty/open-liberty/issues/10384 . Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss? rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PH20912
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-01-10
Closed date
2020-02-03
Last modified date
2020-02-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
02 November 2021