Firefox SameSite Set cookie reject issue apache solution
A couple of days back while testing something I found the below warning in my Firefox console (Press F12 to get access to console).
as per the warning cookie from my application will be rejected soon, though they have not mentioned any timeline by when the cookie with current attributes will be supported?
through there is documentation which explains a bit about options one can use for
Set-Cookie to solve but that depends how you are setting your cookie..
Coming to solution part, if you are using apache then you can make global change in
httpd.conf file, one can also do from other places like using
HTACESS file or depends on the application cookie setting mechanism.
To solve the issue from apache. Below are the steps:
CentOS 6.x,7.x Apache 2.2.x
/etc/httpd/conf/httpd.conffile Check if
mod_headers.sois loaded if not do so by below command (in default apache installation it should be there already)
LoadModule headers_module modules/mod_headers.so
Add Header fix. I have added
Httpwith secure settings in
Set_Cookieto make sure that
SameSiteattribute have secure value.
Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure;SameSite=Strict"
Finally, restart the webserver (apache)
service httpd restart
Now, FF Warning should go and hopefully cookies should be allowed.
All the best!