SameSite cookies with Apache

#web

Almost two years ago I wrote about how you can enable SameSite cookies with IIS on cookies that do not have the ability to be written as SameSite. Today I was helping a client on Apache do the same thing, here's how we can add SameSite=lax to a JSESSIONID cookie for example:

Header edit Set-Cookie ^(JSESSIONID.\*)$ $1;SameSite=lax

But suppose you just wanted to make all cookies set by your web app SameSite, you can just do this:

Header edit Set-Cookie ^(.\*)$ $1;SameSite=lax

This works by appending ;SameSite=lax to the end of all Set-Cookie http response headers.

Top comments (0)

Boost Your Code's Efficiency: Introducing Semantic Cache with Qdrant

Rajaniraiyn R - Apr 25

Java Strings: Understanding string literal and new operator

Roshan Bhattarai - Apr 25

AWS Under the Hood - Day 7 - If ARNs are not used, what are other methods for identifying and managing resources in AWS?

Prashant Lakhera - Apr 26

Iot Software Development: Building Scalable + Secure Solutions

Yeti - Apr 26

DEV Community