Servlet 3.0, Tomcat 7 & Nginx: Setting Cookie 'secure' & 'SameSite=lax' with SSL
In Servlet 3.0 and Tomcat 7, you can set the 'secure' and 'SameSite' attributes of cookies to 'lax' by adding the following to the <web-app> tag in your web.xml file:
<session-config>
<cookie-config>
<secure>true</secure>
<same-site>lax</same-site>
</cookie-config>
</session-config>
In Nginx, you can set the 'secure' and 'SameSite' attributes of cookies to 'lax' by adding the following to your server block:
location / {
proxy_pass http://backend;
proxy_cookie_path / "/; secure; SameSite=lax";
}
This will set the 'secure' and 'SameSite' attributes of cookies to 'lax' on the proxy server. Note that this setting only affects cookies that are transmitted through the proxy server. If your website uses SSL directly, you need to set the 'secure' and 'SameSite' attributes of cookies to 'lax' on the server-side.
原文地址: https://www.cveoy.top/t/topic/n6US 著作权归作者所有。请勿转载和采集!