Skip to Main Content
Forums

ORDS, SODA & JSON in the Database

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SameSite Cookie Settings in Tomcat Not Applied to ORDS/APEX Cookies

usha rao2 hours ago — edited 53 minutes ago

Environment:

  • Oracle APEX version 24.2
  • ORDS version 24.2.3 deployed on Apache Tomcat
  • Tomcat version 9.0.98
  • HTTPS enabled
  • AppSec requirement to enforce SameSite attribute on cookies

Issue Summary:

I am trying to apply the SameSite cookie attribute for browser cookies in an APEX application running through ORDS on Apache Tomcat.I have configured the following in Tomcat’s context.xml:

<Context> <CookieProcessor sameSiteCookies="Lax" /> </Context>

This configuration works perfectly for all Java web applications deployed on the same Tomcat instance — the JSESSIONID cookie correctly shows SameSite=Lax under browser developer tools.

However, when accessing the APEX application via ORDS, the SameSite attribute does not appear on the cookies generated for APEX.
Comments
Post Details
Added 2 hours ago
3 comments
32 views