|File link||File size||File description|
Unable to set SameSite cookie option with response.addheader
Unable to set samesite cookie option with response.addHeader
LOCAL FIX: N/A
All users of WebSphere Application Server
Unable to set the SameSite cookie attribute when using the HttpServletResponse.set/addHeader API
The SameSite cookie attribute is not currently supported by the IBM WebSphere Application Server. This leads the HTTP channel to not recognize the attribute as valid, which might result in the creation of a new Set-Cookie header, with the name of SameSite, when the attribute is set into Set-Cookie headers or existing cookies.
The HTTP channel code was changed to recognize the SameSite cookie attribute as a valid cookie attribute for cookies set by applications with HttpServletResponse.set/addHeader APIs.
Follow the SameSite RFE to be updated on changes to SameSite handling cookies set directly by the Application Server:
The fix for this APAR is targeted for inclusion in fix packs 22.214.171.124, 126.96.36.199, and Liberty 188.8.131.52.
The Git issue for Open Liberty can be found here: https://github.com/OpenLiberty/open-liberty/issues/10384 .
Refer to the Recommended Updates page for delivery information:
Download the UpdateInstaller below to install the V70 fix.
Review the readme.txt for detailed installation instructions.
|V85 Readme (184.108.40.206)||3986|
|DOWNLOAD||RELEASE DATE||SIZE(Bytes)||DOWNLOAD Options
What is Fix Central(FC)?
|220.127.116.11-WS-WAS-IFPH20912||03 February 2020||268398||FC|
|18.104.22.168-WS-WAS-IFPH20912||22 April 2020||267336||FC|
|22.214.171.124-WS-WAS-IFPH20912||03 February 2020||273986||FC|
|126.96.36.199-WS-WAS-IFPH20912||05 February 2020||266492||FC|
|188.8.131.52-WS-WAS-IFPH20912||05 February 2020||18459||FC|
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
22 April 2020