Enabling SameSite Cookie Support

SameSite cookies provide a way of protecting cookies, preventing them from being read by unauthorized domains.

The SameSite cookie attribute is a relatively new standard. Uniface currently only supports setting it globally for all cookies in a web application in the Tomcat context configuration.

By default, the SameSite attribute is not enabled for the Tomcat web server that is installed with Uniface for development and testing.

To enable SameSite cookie support, edit the uniface.xml context configuration file:

  1. Open the file InstallDir\common\tomcat\conf\Catalina\localhost\uniface.xml in a text editor.
  2. Edit the CookieProcessor element in the file and adjust the value as required. For example:

    <Context docBase="C:\Program Files\Uniface\Uniface 103\uniface\webapps\uniface">
      <CookieProcessor sameSiteCookies="Lax"/>
      <Valve className="org.apache.catalina.valves.AccessLogValve" prefix="uniface-" suffix=".log" pattern="common"/>

    This code defines the context container for the Uniface web application and applies the specified attribute globally to all pages in the application.

This uniface.xml context file can serve as an example for configuring your own Uniface web application. If you are using Tomcat 9 (or another web server) in a production environment, please consult the web server documentation.

For more information, consult the following web pages: