Global Security Forum

Hi Team,

I have received an vulnerability request to fix the SameSite cookie. As per request, I am trying to add/update the SameSite cookie value to "Strict " using HTTP Transformation rule but I am unable to see any changes. 

I have looked over IBM support pages that this is not possible using HTTP Transformation rules or Webseal config changes as per ISAM 9.0.5.0, is it true? if not, is their a way to overcome this? Please advise.

Thanks,
Nanda Kishore
Email: nandakishore.guthi@bmo.com

------------------------------
NANDA KISHORE GUTHI
------------------------------

Hi Nanda,

Please refer to the following technote for information on how WebSEAL can be configured with respect to SameSite cookies: https://www.ibm.com/support/pages/browser-changes-samesite-cookie-handling-and-ibm-security-access-manager

At 9.0.5.0 you will need to have at least Interim Fix 3 installed.

Kind Regards,

------------------------------
---------------------
Phil Goodman
IBM Security Verify / IBM Security Verify Access L2 Support
------------------------------

Original Message:
Sent: Wed January 20, 2021 11:44 AM
From: NANDA KISHORE GUTHI
Subject: Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSOFRMATION rule?

Hi Team,

I have received an vulnerability request to fix the SameSite cookie. As per request, I am trying to add/update the SameSite cookie value to "Strict " using HTTP Transformation rule but I am unable to see any changes. 

I have looked over IBM support pages that this is not possible using HTTP Transformation rules or Webseal config changes as per ISAM 9.0.5.0, is it true? if not, is their a way to overcome this? Please advise.

Thanks,
Nanda Kishore
Email: nandakishore.guthi@bmo.com

------------------------------
NANDA KISHORE GUTHI
------------------------------