My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Public
  3. Product support

How to configure SameSite cookie setting in Gluu Server

Published:
1 min read

How to configure “SameSite=None” cookie setting in Gluu Server

  • Open the https_gluu.conf file of your Gluu Server’s Apache.

  • Modify like below:

     Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

 #    Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
 Header edit Set-Cookie ^((opbs|session_state|session_id).*)$ $1;HttpOnly;Secure;SameSite=None
 Header edit Set-Cookie ^((org.gluu.i18n.Locale|current_session|rp_session_id|JSESSIONID).*) $1;HttpOnly;Secure;SameSite=Lax

 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  • Restart apache

  • Setting should look like below

Gluu_CE_sameSite_result.png

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied