set secure for cookie

clearCookie() is taken from OA4MP/oa4mp-client-api/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/client/servlet/ClientServlet.java Merging the fix here too: Need to set the secure option also when clearing the cookie due to comply with the new sameSite policies. See e.g. https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
rcauth-eu · Nov 12, 2020 · 994931b · 994931b
1 parent 9e38944
commit 994931b
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/...l/master-portal-common/src/main/java/eu/rcauth/masterportal/servlet/util/CookieUtils.java b/...l/master-portal-common/src/main/java/eu/rcauth/masterportal/servlet/util/CookieUtils.java
@@ -45,6 +45,8 @@ public static String clearCookie(HttpServletRequest request, HttpServletResponse
                     // This way if the user surfs to another portal there won't
                     // be a cookie clash.
                     cookie.setMaxAge(0);
+                    cookie.setValue(""); // not necessary but good practice
+                    cookie.setSecure(true); // prevents sameSite without secure warning
                     response.addCookie(cookie);
                 }
             }