SameSite flag on Jetty session cookies

How can I add the flag SameSite=Lax or SameSite=Strict to session cookies generated by Jetty if I am using it to host war files?

Solution

Starting with Jetty 9.4.23, you can specify the desired SameSite value for JSESSIONID cookie set by Jetty in web.xml file of your web app like this:

<session-config>
    <cookie-config>
        <comment>__SAME_SITE_STRICT__</comment>
    </cookie-config>
</session-config>

Other possible values are __SAME_SITE_LAX__ and __SAME_SITE_NONE__.

See issue #4247 in Jetty for details.

Launch Jetty 9 Programmatically
Avoid 301 re-directs with HTTP POST requests in Jetty 12
How to add servlet Filter with embedded jetty
Why use server.join() in Embedded Jetty
Maven Jetty - do not reload the whole application when modifying only static files
Geoserver and moving to HTTPS
Spring6, Jersey3, Jetty12, SEVERE: Spring context lookup failed, skipping spring component provider initialization
How to POST with Curl to configSubmit Jenkins page
Error when using selfhosted (Jetty) Metabase with ssl inside docker container
Serving static html files using DefaultServlet on embedded Jetty
Turn off WICKET AJAX DEBUG
java.lang.ClassNotFoundException: jakarta.servlet.http.HttpSessionContext with Spring Boot 3 and Jetty server
How do I create an embedded WebSocket server Jetty 9?
Jetty embedded and JSP compilation to 1.7?
Deploying Jakarta EE Application on Jetty 12: from jetty-ee10-maven-plugin to deployment on Jetty, ClassNotFoundException and CDIProvider Issues
GAE on java 21 throws NullPointerException at CookieCache.parseCookies()
Multiple HttpSession Objects for One Logged-In User
How to control VM arguments for maven-jetty-plugin?
Jetty tmp Multipart files not being deleted after upload
Jetty Server 9 to 12 migration
Setting WebSocket session idle timeout using Spring's Websocket API & Jetty 10
is it possible to debug camel rest dsl component with jetty and unirest
Missing Jetty HttpConnection class in Ktor fat JAR
Jetty 11: Set idle timeout for WebSockets programmatically and via configuration file
How do I change the default jetty port using dockerized jetty
Profiling jetty with visualvm is super slow
How do you set in Jetty 12 a max request size programmatically
Custom Jetty WebSocketPolicy with Spring Web Sockets and STOMP
Jetty set extraClasspath doesn't work after updating the jetty-maven-plugin
Missing jetty-servlet 12.0.0 dependency