commit | b9973cbf8346f6b04bf1f5197ad91215c9d4e2a5 | [log] [tgz] |
---|---|---|
author | Frederic Tregon <frederic.tregon@codingame.com> | Thu Oct 01 11:11:53 2020 +0200 |
committer | Brian Demers <bdemers@apache.org> | Sat Oct 17 10:57:40 2020 -0400 |
tree | c82a2ab1019a3afae87932d42874cd818412971c | |
parent | ea680b427a9e4eabd9d795497372a6434e5a34c9 [diff] |
deleteMe cookie should use the defined "sameSite" With Chrome increasing security of cookies not defining any SameSite options, the deleteMe cookie may be blocked by Chrome under some circumstances. For example, when an app is used within a cross-site iframe, one must defined the option SameSite=None option. This works for the main cookie, but the deleteMe is currently blocked. This commit fixes this.
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.