SameSite cookie attribute
Simone Bordet
simone.bordet at gmail.com
Tue Nov 19 20:28:44 UTC 2019
Hi,
Google Chrome is about to support a new attribute called `SameSite` in cookies.
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html.
I guess other browsers will soon follow.
The specification
(https://tools.ietf.org/html/draft-west-cookie-incrementalism-00) is
still in draft, but Chrome 80 (currently unstable) already support the
SameSite attribute and issues a warning when not present.
On the Servlet APIs side, this is being worked on at
https://github.com/eclipse-ee4j/servlet-api/issues/175.
Currently JDK cookie classes do not support (obviously) this new
attribute, but I wanted to start a discussion to support this in Java
11's HttpClient and in java.net.[HttpCookie|CookieManager|CookieStore]
classes, possibly with backport to Java 11.
Would be great if the current Java cookie classes can be "refreshed"
to support the new cookie RFCs, namely 6265 and 6265bis.
Thanks!
--
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
More information about the net-dev
mailing list