Add SameSite attribute to APM Cookies

Problem this snippet solves: This irule add SameSite attribute with value None to APM Cookies. related to Chrome 80 behavior change : Cookies default to SameSite=Lax When you put "SameSite=None...

Published Jan 30, 2020

Version 1.0

application delivery

BIG-IP Access Policy Manager (APM)

iRules

security

Yann_Desmarest

Cirrus

Joined September 11, 2012

View Profile

Yann_Desmarest

Cirrus

Joined September 11, 2012

View Profile

Yann_Desmarest

Cirrus

Feb 03, 2020

Hi Lucas,

You have several other Cookies sent by APM. The most important one is LastMRH_Session.

If you don't specify any SameSite attribute, Chrome will define "Lax" as default behavior. "Lax" means that GET requests to same hostname and domains are allowed. When you are using SAML, OAuth, OIDC, or Multidomain SSO, you will have POST requests. Those POST requests are not allowed by default thus breaking the authentication flow. It concerns mainly embedded contents and cross origin requests.

Regards

Yann

Add SameSite attribute to APM Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS