Global Security Forum

Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSFORMATION rule?

  • 1.  Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSFORMATION rule?

    Posted Thu January 21, 2021 05:35 PM
    Hi Team,

    I have received a vulnerability request to fix the SameSite cookie. As per the request, I am trying to add/update the SameSite cookie value to "Strict" using an HTTP Transformation rule, but I am unable to see any changes.

    I have read on IBM support pages that this is not possible using HTTP Transformation rules or WebSEAL config changes as per ISAM 9.0.5.0. Is it true? If not, is there a way to overcome this? Please advise.

    Thanks,
    Nanda Kishore
    Email: nandakishore.guthi@bmo.com

    ------------------------------
    NANDA KISHORE GUTHI
    ------------------------------


  • 2.  RE: Can we update/add SameSite=Strict value to Existing Cookie, using HTTP TRANSFORMATION rule?

    Posted Fri January 22, 2021 03:40 AM
    Hi Nanda,

    Please refer to the following technote for information on how WebSEAL can be configured with respect to SameSite cookies: https://www.ibm.com/support/pages/browser-changes-samesite-cookie-handling-and-ibm-security-access-manager

    At 9.0.5.0 you will need to have at least Interim Fix 3 installed.

    Kind Regards,

    ------------------------------
    Phil Goodman
    IBM Security Verify / IBM Security Verify Access L2 Support
    ------------------------------