SameSite flag on Jetty session cookies

Starting with Jetty 9.4.23, you can specify the desired SameSite value for JSESSIONID cookie set by Jetty in web.xml file of your web app like this:

<session-config>
    <cookie-config>
        <comment>__SAME_SITE_STRICT__</comment>
    </cookie-config>
</session-config>

Other possible values are __SAME_SITE_LAX__ and __SAME_SITE_NONE__.

See issue #4247 in Jetty for details.

Tags:

Jetty

Session Cookies

Related