iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)
A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
Published Feb 11, 2020
Version 1.0
Hoolio
Ret. Employee
Joined February 06, 2020
Simon_Kowallik
Feb 25, 2020
Employee
Unfortunately the behaviour isn't consistent across incompatible clients. SameSite=None wasn't introduced in the first drafts of the RFC, which might be the reason why there is inconsistent behaviour, which ranges from treating SameSite=None as SameSite=strict to ignoring the cookie.
Here is the list of incompatible user-agents according to Google Chromium:
https://www.chromium.org/updates/same-site/incompatible-clients
Here is a quick read on this topic:
https://www.linkedin.com/pulse/samesite-cookies-your-legacy-web-apps-simon-kowallik
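
The two behaviours described in the comment above (treating SameSite=None as Strict, or dropping the cookie) can be told apart from the User-Agent header. The Python below is an added example, not the iRule from this page and not F5 or Chromium code; the function names are hypothetical, and the version ranges are an assumption based on the Chromium incompatible-clients list as it stood around the time of this thread, so re-check them against that page.

```python
import re

# Assumed ranges (from the Chromium incompatible-clients page; verify before use):
#   Chrome/Chromium 51-66 and UC Browser < 12.13.2 reject SameSite=None cookies;
#   iOS 12 browsers and Safari/embedded WebKit on macOS 10.14 treat None as Strict.
IOS = re.compile(r"\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit/")
MACOS = re.compile(r"\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit/")
SAFARI = re.compile(r"Version/.* Safari/")
MAC_EMBEDDED = re.compile(
    r"^Mozilla/[.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) "
    r"AppleWebKit/[.\d]+ \(KHTML, like Gecko\)$")
CHROMIUM = re.compile(r"Chrom[^ /]+/(\d+)")
UC = re.compile(r"UCBrowser/(\d+)\.(\d+)\.(\d+)")


def samesite_none_behaviour(user_agent):
    """Return 'rejects', 'strict' or 'ok' for a User-Agent string."""
    ua = user_agent or ""
    uc = UC.search(ua)
    if uc:  # UC Browser also advertises Chrome/NN, so check it first
        return "rejects" if tuple(map(int, uc.groups())) < (12, 13, 2) else "ok"
    chromium = CHROMIUM.search(ua)
    if chromium and 51 <= int(chromium.group(1)) <= 66:
        return "rejects"
    ios = IOS.search(ua)
    if ios and int(ios.group(1)) == 12:
        return "strict"
    mac = MACOS.search(ua)
    if mac and (int(mac.group(1)), int(mac.group(2))) == (10, 14):
        if (SAFARI.search(ua) and not chromium) or MAC_EMBEDDED.search(ua):
            return "strict"
    return "ok"


def set_cookie_header(name, value, user_agent):
    """Build a Set-Cookie value, omitting SameSite=None for incompatible clients."""
    attrs = [f"{name}={value}", "Path=/", "Secure", "HttpOnly"]
    if samesite_none_behaviour(user_agent) == "ok":
        attrs.append("SameSite=None")
    return "; ".join(attrs)
```

A missing or unrecognised User-Agent is classified as `ok`, so the attribute is sent by default and only known-incompatible clients have it removed.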