Hi. I am using 189-snapshot (express).
I have defined this.sessionCookie.sameSite = ‘lax’ in application.cfc, but the samesite is not set for cfid and cftoken. I would like to know how to set it.
I also added
<CookieProcessor sameSiteCookies='lax'/>
to tomcat’s conf/context.xml, but that doesn’t seem to work either.
Hi @reefle WELCOME!
I just did a quick test: I’ve opened the default welcome app and added the following application.cfc:
component {
this.Name = "samesiteCookieTest";
this.sessionTimeout = CreateTimeSpan(0, 0, 5, 1);
this.sessionManagement = true;
this.sessionCookie = { httpOnly=true, sameSite = "lax" };
this.setclientcookies = true;
this.sessionType = "cfml";
}
and it worked:
Does it also happens if you open the page directly through port 8888?
1 Like
For some reason I’m now seeing also something strange… in my example now the cookies aren’t being generated at all 
but as soon as I add: this.clientmanagement="true";
component {
this.Name = "samesiteCookieTest";
this.clientmanagement = "true"
this.sessionTimeout = CreateTimeSpan(0, 0, 5, 1);
this.sessionManagement = true;
this.sessionCookie = { httpOnly=true, sameSite = "lax" };
this.setclientcookies = true;
this.sessionType = "cfml";
}
Then the session cookies get generated along with the client cookies. I wonder why I had that image I shared?
1 Like
Thank you for your help. I solved it.
It was apparently not a Lucee problem. I may have had a problem with the Developer Tool in Chrome.
I restarted Lucee, opened the URL from a new tab, also cleared the cache, and reloaded the cookies, …!!
Lax was added. Apparently I wasted about an hour of my time… 
Thanks you andreas !
1 Like
Maybe I’m having the same issue now with my dev tool
going to shut my notebook down. Maybe it’s a good time to get some sleep 
1 Like
Always test cookies with curl or a fresh incognito browser (I.e a fresh session), otherwise it gets confusing as existing cookies don’t get updated
1 Like