Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
lemonldap-ng
lemonldap-ng
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 260
    • Issues 260
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 5
    • Merge Requests 5
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • LemonLDAP NG
  • lemonldap-nglemonldap-ng
  • Issues
  • #2070

Closed (duplicated)
Open
Opened Jan 20, 2020 by Mickael Bride@mbride

LemonLDAP session cookie - SameSite attribute

Chrome 80 will consider cookies as "Samesite=Lax" by default. This is an issue using applications protected by LemonLDAP included into iframes. We need to have the ability to set the SameSite attribute of session cookies to "None".

Usecase: MyDomain is SP, and is included as an iframe in Domain2 website (SP) -> SSO broken (infinite loop), because LemonLDAP session cookie does not have the SameSite attribute, so the session cookie is not sent

Assignee
Assign to
2.0.8
Milestone
2.0.8 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: lemonldap-ng/lemonldap-ng#2070