Setting Cookie through response Header

Hi Guys,

I am trying to set SameSite=None Flag to my cookie but when I check in developer tools in chrome, SameSite=None is showing it as another cookie. Please help.

Test URL: https://elbtest.s2d6.com/x/?x=c&z=s&v=7100096
val cookieString = "949413017=533c892b32cf4a46961a38f8c56b33eb320412596|6386|323064|7100096|14988;Expires=Wed, 30 Sep 2020 12:45:30 GMT;Path=/;Domain=s2d6.com;Secure;SameSite=None"
val finalURL = "https://www.google.com/"
resp = Redirect(finalURL).withHeaders(SET_COOKIE -> cookieString)

PFB the set-cookie headers i see in developer tools:

set-cookie: SameSite=None; Path=/
set-cookie: 949413017=27124ab4e77a44199bdaad436be071a3864846875|6386|323064|7100096|14988; Expires=Wed, 30 Sep 2020 12:45:30 GMT; Path=/; Domain=s2d6.com; Secure; HTTPOnly

I have posted this query on StackOverflow as well but no one has responded thus far.

SO URL: https://stackoverflow.com/questions/63671946/samesite-none-is-becoming-another-cookie

I can’t figure out why it’s happening. Any help would be greatly appreciated.

Note: I am using Scala 2.10/Play 2.3. I can’t update the framework as of now due to some legacy issues.

Thanks a ton!

I think you are out of luck. Play 2.3 is a very old release and it’s not supported anymore nor does it have support for the SameSite cookie.

The Problem is that this code here checks if there is a set-cookie header and if there is it converts this header into a Cookie object:

Unfortunately the Cookie class does not support the SameSite attribute:

Therefore I am pretty sure there is nothing you or we can do to help you in regards of Play.
Options are you upgrade Play or you do same fancy hack by rewriting the set-cookie header(s) with a reverse proxy (nginx, etc.)

Sorry.

1 Like

@mkurz , thank you so much!

Just wanted to know if it was possible to achieve this in the play 2.3 ecosystems or not before moving on. Needed to be sure if I am not missing something obvious. Went for the poxy solution for now till the time we go for the complete Play version upgrade.

Note: You can post the same on StackOverflow and I will grant you the bounty. The link is in the question.

Cheers!

Happy to help! The SO bounty seems to be expired, but that’s ok for me :wink: