SameSite cookies with Apache
Almost two years ago I wrote about how you can enable SameSite cookies with IIS on cookies that do not have the ability to be written as SameSite. Today I was helping a client on Apache do the same thing, here's how we can add
SameSite=lax to a
JSESSIONID cookie for example:
Header edit Set-Cookie ^(JSESSIONID.*)$ $1;SameSite=lax
But suppose you just wanted to make all cookies set by your web app SameSite, you can just do this:
Header edit Set-Cookie ^(.*)$ $1;SameSite=lax
This works by appending
;SameSite=lax to the end of all
Set-Cookie http response headers.
Like this? Follow me ↯Tweet Follow @pfreitag
SameSite cookies with Apache was first published on February 10, 2020.