I have a server (macOS) with a valid SSL certificate. A WebApp (Web1) created with 2019R3.1 allows me to create a secure cookie with an expiration date of my choice. The same code with 2022R4.1 (Web2) did not create any cookies but just generates an error…
Client side for test: macOS Catalina Safari and Firefox
1st example with Web1:
New web project with a single button that contains the following code in Action
Dim d As New Date
d.Month=d.Month+6
Session.Cookies.Set("test","Web1",d,"","/",True,True)
The app compiled as Standalone and started with --secureport=9081 is accessible via https…myserver.com:9081
When the button is clicked, the “test” cookie is created as expected with expiration in 6 months => ok
2nd example with Web2:
New web project with a single button that contains the following code in Pressed
Var d As DateTime = DateTime.Now.AddInterval(0, 6)
Session.Cookies.Set("test2","Web2",d,"","/",True,True,WebCookieManager.SameSiteStrength.Strict)
and also tested with
Session.Cookies.Set("test2","Web2",d,"","/",True,True)
Session.Cookies.Set("test2","Web2",d,"","/",True,True,WebCookieManager.SameSiteStrength.Off)
Session.Cookies.Set("test2","Web2",d,"","/",True,True,WebCookieManager.SameSiteStrength.Lax)
and also tested with the domain name, no way to make it work.
The app compiled with secure port set to 9082 is accessible via https…myserver.com:9082
When the button is clicked, no cookie is created but the following 2 errors appear in the Firefox console:
The “cookietest” cookie does not have a proper “SameSite” attribute value. Soon, cookies with the “SameSite” attribute missing or set to an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on the availability of this cookie in such contexts, please add the attribute “SameSite=None” to it. To learn more about the “SameSite” attribute, see https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Cookie ‘test2’ was rejected because an HTTP-Only cookie already exists but the script tried to store a new one.
The only way I found to create a Cookie under Web2 is to remove the “HttpOnly” option, but in this case, Safari and its ITC rules limit the lifetime of the cookie to 7 days!
Session.Cookies.Set("test2","Web2",d,"","/",True,False,WebCookieManager.SameSiteStrength.Strict)
I couldn’t find anything in the doc or on the web. Does anyone have a solution to create a cookie with a validity greater than the limit of 7 days for Safari?
And what is this “cookietest”?