
How to configure SameSite cookie setting in Gluu Server


How to configure “SameSite=None” cookie setting in Gluu Server

  • Open the https_gluu.conf file of your Gluu Server’s Apache.

  • Modify the Set-Cookie header rules as shown below:

     Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    
     #    Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
     Header edit Set-Cookie ^((opbs|session_state|session_id).*)$ $1;HttpOnly;Secure;SameSite=None
     Header edit Set-Cookie ^((org.gluu.i18n.Locale|current_session|rp_session_id|JSESSIONID).*) $1;HttpOnly;Secure;SameSite=Lax
    
     SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    
    
  • Restart Apache.

  • The resulting cookie settings should look like the screenshot below:

[Screenshot: Gluu_CE_sameSite_result.png]
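To confirm the rules took effect after the restart, the response headers can be checked against the same policy. The following is an added example, not part of the original article or of Gluu's code: the function name, the policy table and the sample headers are constructed for illustration, and real input would be the raw response headers saved from the server (for instance the output of `curl -sI`).

```python
# Expected attributes per cookie, copied from the Header edit rules in this article.
# Names are matched as prefixes, mirroring the rules' "^((name|...).*)" patterns.
POLICY = [
    (("opbs", "session_state", "session_id"),
     {"httponly", "secure", "samesite=none"}),
    (("org.gluu.i18n.Locale", "current_session", "rp_session_id", "JSESSIONID"),
     {"httponly", "secure", "samesite=lax"}),
]

# Constructed sample of raw response headers (not captured from a real server).
SAMPLE = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=abc123; Path=/; HttpOnly;Secure;SameSite=None
Set-Cookie: opbs=xyz; Path=/; Secure
Set-Cookie: JSESSIONID=42; Path=/oxauth; HttpOnly;Secure;SameSite=Lax
Set-Cookie: rp_session_id=r1; Path=/
"""


def audit_set_cookie(raw_headers):
    """Return {cookie_name: [missing attributes]} for cookies covered by POLICY."""
    findings = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue  # status line or a different header
        value = value.strip()
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        # Normalise attributes so "SameSite=None" and "samesite = none" compare equal.
        attrs = {p.lower().replace(" ", "") for p in parts[1:]}
        for prefixes, required in POLICY:
            if value.startswith(prefixes):
                missing = sorted(required - attrs)
                if missing:
                    findings[cookie_name] = missing
                break  # first matching rule decides, cookies outside POLICY are ignored
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_set_cookie(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

An empty result means every covered cookie carries the attributes the rules are meant to append.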
