How to configure SameSite cookie setting in Gluu Server
How to configure “SameSite=None” cookie setting in Gluu Server
- Open the https_gluu.conf file of your Gluu Server’s Apache.
- Modify it as shown below:

      Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
      # Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
      Header edit Set-Cookie ^((opbs|session_state|session_id).*)$ $1;HttpOnly;Secure;SameSite=None
      Header edit Set-Cookie ^((org.gluu.i18n.Locale|current_session|rp_session_id|JSESSIONID).*) $1;HttpOnly;Secure;SameSite=Lax
      SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

- Restart Apache.
- Setting should look like below
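
The two active Header edit rules can be checked offline before Apache is restarted. The following is an added example, not part of the original article or the Gluu project: it replays both rules over constructed Set-Cookie values and reports which attributes each cookie ends up with. The cookie values and the csrf_token name are hypothetical, and Python's re module is assumed to match these patterns the same way Apache does.

```python
import re

# The two active "Header edit Set-Cookie" rules from the configuration above.
# Apache's $1 is written \1 here. Assumption: Python's re matches these
# patterns the same way Apache's regex engine does.
RULES = [
    (r"^((opbs|session_state|session_id).*)$",
     r"\1;HttpOnly;Secure;SameSite=None"),
    (r"^((org.gluu.i18n.Locale|current_session|rp_session_id|JSESSIONID).*)",
     r"\1;HttpOnly;Secure;SameSite=Lax"),
]

def apply_rules(set_cookie):
    """Return a Set-Cookie value after both rules have run in order."""
    for pattern, replacement in RULES:
        set_cookie = re.sub(pattern, replacement, set_cookie, count=1)
    return set_cookie

def attributes(set_cookie):
    """Map lower-cased attribute names to values, skipping name=value."""
    parts = [p.strip() for p in set_cookie.split(";")[1:] if p.strip()]
    return {p.split("=", 1)[0].lower(): (p.split("=", 1) + [""])[1]
            for p in parts}

def check(set_cookie):
    """List the attribute gaps left on a Set-Cookie value."""
    attrs = attributes(set_cookie)
    problems = []
    if "samesite" not in attrs:
        problems.append("no SameSite attribute")
    elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
        problems.append("SameSite=None without Secure")
    if "httponly" not in attrs:
        problems.append("no HttpOnly")
    return problems

# Constructed sample values; csrf_token is a hypothetical cookie name that
# neither rule lists, so it passes through unchanged.
SAMPLES = [
    "session_id=abc123; Path=/",
    "JSESSIONID=xyz; Path=/identity",
    "csrf_token=1; Path=/",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        edited = apply_rules(raw)
        print(edited, "->", check(edited) or "ok")
```

Because the catch-all HttpOnly rule is commented out, a cookie whose name is in neither rule leaves Apache with no added attributes, which is what the third sample shows.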