SameSite Cookie Setting Issue
Answer ID 12516   |   Last Review Date 01/03/2023

Why is the SameSite cookie attribute being set to 'Lax' on my Customer Portal site?


Customer Portal (CP)


The "SameSite" parameter on our cookies is being set to "Lax". However, the product feature documentation for the release we are on (22D) states that the "Secure" and "HTTP Only" flags will always be set on cookies.


When the cp_session cookie is set by Customer Portal, SameSite=None and Secure ("None; Secure") are set only when end-user SSL is enabled on the site (the SEC_END_USER_HTTPS site configuration is set to 1). Otherwise, the cookie's SameSite attribute is set to Lax. This setting is only configurable by Technical Support. If you would like to make a change, please submit a service request via Ask Technical Support.
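To confirm which case a site is in, the following added example (not part of the original answer or the product's own code) audits a captured `Set-Cookie` header for `cp_session` against the behaviour described above. The function names and the sample header values are constructed for illustration; `end_user_https` stands in for SEC_END_USER_HTTPS being 1.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_cp_session(header, end_user_https):
    """Return findings for a cp_session cookie; an empty list means it matches.

    end_user_https: True when SEC_END_USER_HTTPS is 1 (assumed known by the caller).
    """
    name, _, attrs = parse_set_cookie(header)
    if name != "cp_session":
        return ["not a cp_session cookie"]
    findings = []
    samesite = str(attrs.get("samesite", "")).lower()
    secure = attrs.get("secure") is True
    # Documented behaviour: "None; Secure" with end-user SSL, otherwise Lax.
    expected = "none" if end_user_https else "lax"
    if samesite != expected:
        findings.append(f"SameSite is {samesite or 'absent'}, expected {expected}")
    if end_user_https and not secure:
        findings.append("Secure flag missing although SEC_END_USER_HTTPS is 1")
    elif samesite == "none" and not secure:
        # Browsers enforcing the SameSite=None-requires-Secure rule drop such cookies.
        findings.append("SameSite=None without Secure")
    return findings


# Constructed sample headers, not captured from a real site.
SAMPLES = [
    ("cp_session=abc123; Path=/; Secure; HttpOnly; SameSite=None", True),
    ("cp_session=abc123; Path=/; HttpOnly; SameSite=Lax", False),
    ("cp_session=abc123; Path=/; HttpOnly; SameSite=Lax", True),
]

if __name__ == "__main__":
    for header, https in SAMPLES:
        print(https, audit_cp_session(header, https) or "OK")
```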

For further details see

Answer ID 10562: How do the SEC_ADMIN_HTTPS and SEC_END_USER_HTTPS keys work?