Global Security Forum


Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSFORMATION rule?

  • 1.  Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSFORMATION rule?

    Posted Thu January 21, 2021 05:35 PM
    Hi Team,

    I have received a vulnerability request to fix the SameSite cookie. As per the request, I am trying to add/update the SameSite cookie value to "Strict" using an HTTP Transformation rule, but I am unable to see any changes.

    I have looked over IBM support pages that say this is not possible using HTTP Transformation rules or WebSEAL config changes as of ISAM 9.0.5.0. Is it true? If not, is there a way to overcome this? Please advise.

    Thanks,
    Nanda Kishore
    Email: nandakishore.guthi@bmo.com

    ------------------------------
    NANDA KISHORE GUTHI
    ------------------------------


  • 2.  RE: Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSFORMATION rule?

    Posted Fri January 22, 2021 03:40 AM
    Hi Nanda,

    Please refer to the following technote for information on how WebSEAL can be configured with respect to SameSite cookies: https://www.ibm.com/support/pages/browser-changes-samesite-cookie-handling-and-ibm-security-access-manager

    At 9.0.5.0 you will need to have at least Interim Fix 3 installed.

    Kind Regards,

    ------------------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------