SameSite Cookie Setting Issue | Oracle B2C Service

Expand

Collapse

Advanced SearchOpens new dialog

Enter plus (+) or minus (-) signs in search terms to make a word required or excluded
Search Tips

Search terms

Screen Reader users press enter to select a Filter by product. Filter by product

Screen Reader users press enter to select a Filter by category. Filter by category

Sort by Direction

SameSite Cookie Setting Issue

Answer ID 12516 | Last Review Date 01/03/2023

Why is the SameSite cookie attribute being set to 'Lax' on my Customer Portal site?

Environment:

Customer Portal (CP)

Issue:

The "SameSite" parameter on our cookies is being set to "Lax". However, the product feature documentation for the release we are on (22D) states that the "Secure" and "HTTP Only" flags will always be set on cookies.

Resolution:

When cp_session cookie is set from Customer Portal, SameSite=None and Secure ("None; Secure") are set only when end-user SSL is enabled (SEC_END_USER_HTTPS site configuration is set to 1) on a site. Otherwise, cookie SameSite will be set to Lax. This setting is only configurable by Technical Support. If you would like to make a change, please submit a service request via Ask Technical Support.

For further details see

Answer ID 10562: How do the SEC_ADMIN_HTTPS and SEC_END_USER_HTTPS keys work?

Loading...

Login

Why is the SameSite cookie attribute being set to 'Lax' on my Customer Portal site?

Was this answer helpful?

Still have questions?

Related Answers

Login