IBM Support

PH20912: UNABLE TO SET SAMESITE COOKIE OPTION WITH RESPONSE.ADDHEADER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • unable to set samesite cookie option with response.addHeader
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of WebSphere Application Server   *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Unable to set the SameSite              *
    *                      cookie attribute when using the         *
    *                      HttpServletResponse.set/addHeader API   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The SameSite cookie attribute is not currently supported by
    the IBM WebSphere Application Server. This leads the HTTP
    channel to not recognize the attribute as valid, which might
    result in the creation of a new Set-Cookie header, with the
    name of SameSite, when the attribute is set into Set-Cookie
    headers or existing cookies.
    

Problem conclusion

  • The HTTP channel code was changed to recognize the SameSite
    cookie attribute as a valid cookie attribute for cookies set
    by applications with HttpServletResponse.set/addHeader APIs.
    
    Please follow the SameSite RFE to be updated on changes to
    SameSite handling cookies set directly by the Application
    Server:
    
    https://www.ibm.com/developerworks/rfe/execute?
    use_case=viewRfe&CR_ID=119022
    
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.5.5.18, 9.0.5.4, and Liberty 20.0.0.2. The Git
    issue for Open Liberty can be found here:
    https://github.com/OpenLiberty/open-liberty/issues/10384 .
    Please refer to the Recommended Updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?
    rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH20912

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-01-10

  • Closed date

    2020-02-03

  • Last modified date

    2020-02-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
17 October 2021