set SameSite for all cookies

SpeckiJ · SpeckiJ · commit 3f8bbca11187 · 2023-06-16T12:48:04.000+02:00
diff --git a/webapp/src/main/webapp/META-INF/context.xml b/webapp/src/main/webapp/META-INF/context.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context>
+
+    <!-- Add SameSite to the cookies -->
+    <CookieProcessor
+            sameSiteCookies="strict" />
+
+</Context>
diff --git a/webapp/src/main/webapp/WEB-INF/web.xml b/webapp/src/main/webapp/WEB-INF/web.xml
@@ -1,5 +1,11 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+    <session-config>
+        <cookie-config>
+            <http-only>true</http-only>
+            <secure>true</secure>
+            <comment>__SAME_SITE_STRICT__</comment>
+        </cookie-config>
+    </session-config>
     <display-name>${project.parent.name}; Git-Branch: '${git.branch}'; Git-Commit: '${git.commit.id}' @ ${git.commit.time}; Build time: ${git.build.time}</display-name>
     <description>This is an OGC SOS.</description>
     <context-param>
