set samesite: none

asked 2022-03-10 22:00:33 +0800

mattelite gravatar image mattelite
3 1


How can I set samesite: none in my project? Sometimes when I redirect from third-party website to my website, JSESSIONID change!!

delete flag offensive retag edit

2 Answers

Sort by ยป oldest newest most voted

answered 2022-03-11 14:52:57 +0800

MDuchemin gravatar image MDuchemin
2480 1 6
ZK Team

Hi there,

Let's see this in details :)

JSESSIONID is a cookie generated by the web container (the Tomcat, jetty, wildfly, etc) server that hosts your application. It's created when a process on your server stores anything at session level. In the context of ZK, ZK will store values in your session, and thus will cause a JESSIONID cookie to be created at client-side.

JESSIONID cookies denote a session with the specific server that created it, and is used to track the session. When you make another request to the same server, the JSESSION ID cookie is sent with the request, and the server uses it to match this request with your existing session.

Now, if you navigate to a different website that also runs on a J2EE server, that other website may also use a session storage on their own website. That would cause another JSESSIONID cookie to be created under that website's domain.

With all that said, other servers shouldn't need to know your JESSIONID cookie. It is a private session identifier that only has meaning to the server that created it.

Now, lastly, regarding why JSESSIONID might change. JSESSIONID changes if your session is no longer valid. A session can be expired, can be invalidated by a process, or maybe the server has restarted an purged the session cache in between requests.

From your browser's developer tools, you can see the headers sent to the server. In the request headers, you will find the JSESSIONID under cookies.

If you send "nothing" to the server, you will get a new JSESSIONID. If you send a JSESSIONID and do not receive an updated cookie, then your session was still valid. if you send a JSESSIONID and receive a new cookie with a different value, then your session was not found, was expired, was timed out or was invalidated at server side.

Let me know if that helps :)

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

1 follower



Asked: 2022-03-10 22:00:33 +0800

Seen: 12 times

Last updated: Jul 17

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More