ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
SameSite cookies configuration
Article ID: 221961
Updated On:
Products
Clarity PPM On Premise
Issue/Introduction
How to set SameSite Value to Lax in Clarity?
The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.
Note: Standards related to the Cookie SameSite attribute recently changed such that:
- The cookie-sending behavior if SameSite is not specified is SameSite=Lax.Previously the default was that cookies were sent for all requests.
- Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).
Cause
Configuration
Environment
Release : 15.8.1 and higher
Component : CLARITY SECURITY INTEGRATION
Resolution
On Premise Customer Only
- Clarity configured to run as as HTTPS, then Use Secure Session Cookie setting in CSA can be used and no need to set SameSite Value to Lax
- Clarity configured to run as as HTTP and and the requirement to set SameSite Value to Lax then below steps to be followed
- Stop all the Clarity Services
- Login to database using any database client and execute the below update
- UPDATE CMN_OPTION_VALUES SET VALUE = 'Lax' WHERE OPTION_ID = (SELECT id FROM cmn_options WHERE option_code = 'LOGIN_COOKIE_SAMESITE_VALUE')
- Restart all the clarity service and check the cookie value in the browser trace and it should be coming as Lax.
Feedback
Yes
No
Powered by
