Add SameSite attribute to APM Cookies
Published Jan 30, 2020
Version 1.0Was this article helpful?
Hi Lucas,
You have several other Cookies sent by APM. The most important one is LastMRH_Session.
If you don't specify any SameSite attribute, Chrome will define "Lax" as default behavior. "Lax" means that GET requests to same hostname and domains are allowed. When you are using SAML, OAuth, OIDC, or Multidomain SSO, you will have POST requests. Those POST requests are not allowed by default thus breaking the authentication flow. It concerns mainly embedded contents and cross origin requests.
Regards
Yann