OS: Windows Server 2012 R2 Standard
Java Version: 1.8.0_66 (Oracle Corporation) 64bit
Tomcat Version: 9.0.33
Lucee Version: 5.3.5.92
This is the Chrome error:
A cookie associated with a cross-site resource at http://www.mysite.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at Chrome Platform Status and Chrome Platform Status.
To get rid of the error I updated to Tomcat 9.0.33 (AND updated to this new version of Lucee) which has the cookieProcessor support.
In tomcat\conf\context.xml I added the following:
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="none" />
Issue:
After doing all of this the cookies seem to not work. Unless the url contains the cfid and cftoken the session is lost. So stuff like our session based shopping carts are lost. Session variables that keep logged in variables are gone, so users are sent to the login page, etc.
I suspected it was related to updating to Tomcat 9.0.33, however after restoring the lib and bin folders back to Tomcat version 8.0.28, restarting Lucee and IIS, the issue persists.
Lucee Admin Server and Web Scope has the following settings:
Session Type: Application, Session Management, Client Cookies. Session Storage: Memory, Client Storage: cookie
I’ve spent 2 days trying to get all of this to work. Does anyone have suggestions for me to look at? I’ve exhausted my options and have no one else to help me troubleshoot this. Thanks!
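The rule in the Chrome message above (cross-site delivery needs both SameSite=None and Secure) can be checked against the Set-Cookie headers a server actually returns. The following is an added example, not part of the original post: the `classify` helper, its `scheme` parameter and the sample header values are constructed for illustration, and `cfid` and `cftoken` are the cookie names mentioned in the post.

```python
# Added example: classify Set-Cookie values against Chrome's SameSite rules.
# SAMPLES are constructed header values, not traffic from the poster's site.

def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute name -> value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def classify(value, scheme="https"):
    """Return (cookie name, verdict) for one Set-Cookie value.

    scheme is the scheme of the URL that returned the header (assumed input).
    """
    name, attrs = parse_set_cookie(value)
    same_site = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if secure and scheme != "https":
        return name, "rejected: Secure cookie set over plain HTTP"
    if same_site == "none":
        if not secure:
            return name, "rejected: SameSite=None without Secure"
        return name, "sent cross-site"
    if same_site == "strict":
        return name, "same-site only (Strict)"
    # Lax, a missing attribute and unrecognised values all get Lax handling.
    return name, "Lax: withheld from cross-site subrequests"

SAMPLES = [
    "cfid=abc123; Path=/; HttpOnly",
    "cftoken=0; Path=/; SameSite=None",
    "cfid=abc123; Path=/; Secure; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for scheme in ("http", "https"):
        for sample in SAMPLES:
            name, verdict = classify(sample, scheme)
            print(f"{scheme:5} {name:8} {verdict}")
```

Feed it the Set-Cookie values shown in the browser's network panel for a request that loses the session, passing the scheme of the page that returned them.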