Troubleshooting
Problem
Chrome 80 has implemented a SameSite policy such that any cookie not explicitly set with a SameSite value is treated as SameSite=Lax.
Full technical details of the SameSite attribute are available in the following RFC: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
Symptom
Symptoms vary depending on how the cookie is used. For example, in SP-initiated logins that use an IDP on a different domain, if the IDP has not set "SameSite=None; Secure" on its session cookie, the user has to authenticate at the IDP constantly because the session cookie is not sent. Other flows that require a cookie will fail unexpectedly. Applications protected by WebSEAL may already have updated their cookies as necessary, but the cookies show up in the browser without the SameSite setting.
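The following Python check is an added example, not IBM's code and not part of the original document. It classifies captured Set-Cookie header values under the Chrome 80 default described above, so cookies that reach the browser without the expected setting can be spotted. The cookie names and values are constructed, and the rejection of SameSite=None without Secure is Chrome's companion rule rather than something stated on this page.

```python
# Added example: how Chrome 80 treats a Set-Cookie header value.
# Sample headers below are constructed for illustration.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs

def effective_samesite(header):
    """Return (name, effective policy, reason) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    declared = attrs.get("samesite", "").lower()
    if declared in ("strict", "lax"):
        return name, declared.capitalize(), "explicit"
    if declared == "none":
        if "secure" in attrs:
            return name, "None", "explicit, sent in cross-site requests"
        return name, "Rejected", "SameSite=None without Secure"
    # Missing or unrecognized SameSite value: Chrome 80 applies the Lax default.
    return name, "Lax", "defaulted"

def needs_attention(headers):
    """Names of cookies that were defaulted to Lax or rejected outright."""
    flagged = []
    for header in headers:
        name, policy, reason = effective_samesite(header)
        if reason == "defaulted" or policy == "Rejected":
            flagged.append(name)
    return flagged

SAMPLE_HEADERS = [  # constructed sample input
    "idp_session=abc123; Path=/; Secure; HttpOnly",
    "sso_state=xyz; Path=/; SameSite=None; Secure",
    "legacy_id=1; Path=/; SameSite=None",
    "prefs=dark; Path=/; samesite=Strict",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(effective_samesite(h))
    print("review:", needs_attention(SAMPLE_HEADERS))
```

Run it against the Set-Cookie values seen at the browser, not only at the application, since the symptom above describes cookies arriving without the SameSite setting the application applied.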
Document Location
Worldwide
Business Unit: IBM Software. Product: IBM Security Access Manager. Platform: AIX, Appliance, Linux, Windows. Version: All Versions. Line of Business: Automation Platform.
Document Information
Modified date:
01 March 2023
UID
ibm11489113