I am trying to set SameSite=None Flag to my cookie but when I check in developer tools in chrome, SameSite=None is showing it as another cookie. Please help.
Test URL: https://elbtest.s2d6.com/x/?x=c&z=s&v=7100096
val cookieString = "949413017=533c892b32cf4a46961a38f8c56b33eb320412596|6386|323064|7100096|14988;Expires=Wed, 30 Sep 2020 12:45:30 GMT;Path=/;Domain=s2d6.com;Secure;SameSite=None"
val finalURL = "https://www.google.com/"
resp = Redirect(finalURL).withHeaders(SET_COOKIE -> cookieString)
PFB the set-cookie headers i see in developer tools:
I think you are out of luck. Play 2.3 is a very old release and it’s not supported anymore nor does it have support for the SameSite cookie.
The Problem is that this code here checks if there is a set-cookie header and if there is it converts this header into a Cookie object:
Unfortunately the Cookie class does not support the SameSite attribute:
Therefore I am pretty sure there is nothing you or we can do to help you in regards of Play.
Options are you upgrade Play or you do same fancy hack by rewriting the set-cookie header(s) with a reverse proxy (nginx, etc.)
Just wanted to know if it was possible to achieve this in the play 2.3 ecosystems or not before moving on. Needed to be sure if I am not missing something obvious. Went for the poxy solution for now till the time we go for the complete Play version upgrade.
Note: You can post the same on StackOverflow and I will grant you the bounty. The link is in the question.