Support for Partitioned cookie attribute

Question

Support for Partitioned cookie attribute

bachkilan opened this issue 7 months ago · comments

bachkilan commented 7 months ago

Expected Behavior

able to add Partitioned cookie attribute for spring session in DefaultCookieSerializer

Current Behavior

no field available for partitioned

Context

This is relevant for webapps embedded in IFrames across domains, typically those which already have configured "SameSite=None" cookie attribute: starting 2024, Google/Chrome will start phasing out third-party cookies, see https://developers.google.com/privacy-sandbox/3pcd

we need to have this attribute set to have our site working embedded in chrome.

Marcus Hert Da Coregio · Answer 1 · Thu Feb 15 2024 00:32:14 GMT+0800 (China Standard Time)

Hi, @bachkilan. Thanks for the report.

I believe that we can add a setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder> cookieCustomizer) that would allow us to customize any attribute available in ResponseCookieBuilder. It would look like spring-projects/spring-security#12237. It would also deprecate the other attribute's setter methods since we will prefer to set your own customizer than setting each attribute individually.

Are you interested in submitting a PR that adds the new setter?

Marcus Hert Da Coregio · Answer 2 · Mon Mar 11 2024 21:59:23 GMT+0800 (China Standard Time)

Related spring-projects/spring-framework#31454

Stefan · Answer 3 · Wed Jun 12 2024 02:25:34 GMT+0800 (China Standard Time)

Related spring-projects/spring-framework#31454

And I add the same comment here:
We are still on Spring Boot v2.7.18, using Spring v5.3.31.
Just have a bunch of 120 customers with 10000 end users using the app in IFRAME and this will force customers to remove IFRAME, which will be a royal pain for us.