SESSION_COOKIE
The SESSION_COOKIE element specifies that cookies the GAS uses to validate
the session are created with the secure flag.
Syntax
<SESSION_COOKIE Secure={"TRUE"|"FALSE"} [ SameSite={"STRICT"|"LAX"|"NONE"} ]></SESSION_COOKIE>
The SESSION_COOKIE element takes a mandatory Secure attribute
and an optional SameSite attribute.
- Secure valid values are TRUE or FALSE. When set to TRUE, the cookie is restricted to secured connections (HTTPS) only. The default is FALSE.
- The SameSite attribute determines whether the cookie is restricted to a same-site context. Valid values are:
  - Strict: The cookie is sent only if the site for the cookie matches the site currently shown in the browser. The cookie is not sent if the user follows a link from another site.
  - Lax: The cookie can be sent with top-level navigations and with GET requests initiated by third-party websites.
  - None: The cookie is sent in all contexts. The Secure attribute must be set to TRUE and the request must be in HTTPS format.
  The default value is Strict.
Child elements
There are no child elements.
Usage
The main goal of cookies is to keep a state, using session variables, between two runs of an
application by the same user. You use the SESSION_COOKIE element to specify that
Genero session identifier cookies, including cookies created by Sticky Web services, are created
with the secure flag and the SameSite attribute set to strict.
You may need to set the Secure and SameSite attributes.
Example secure session cookie
<INTERFACE_TO_CONNECTOR>
  ...
  <HTTP>
    <SESSION_COOKIE SameSite="None" Secure="TRUE" > </SESSION_COOKIE>
    ...
  </HTTP>
</INTERFACE_TO_CONNECTOR>
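The attribute rules above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the Genero documentation or product: the function name check_session_cookie, the severity labels, the case-insensitive comparison and the two sample fragments are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAMESITE_VALUES = {"STRICT", "LAX", "NONE"}

def check_session_cookie(config_xml):
    """Lint SESSION_COOKIE elements against the attribute rules on this page.

    Returns a list of (severity, message) tuples; empty means no findings.
    """
    cookies = list(ET.fromstring(config_xml).iter("SESSION_COOKIE"))
    if not cookies:
        return [("note", "no SESSION_COOKIE element found")]
    findings = []
    for cookie in cookies:
        # Assumption: values are compared case-insensitively, since the page
        # writes both "STRICT" and "Strict".
        secure = (cookie.get("Secure") or "").upper()
        raw_samesite = cookie.get("SameSite", "Strict")  # documented default
        samesite = raw_samesite.upper()
        if "Secure" not in cookie.attrib:
            findings.append(("error", "Secure attribute is mandatory"))
        elif secure not in ("TRUE", "FALSE"):
            findings.append(("error", f"invalid Secure value {cookie.get('Secure')!r}"))
        elif secure == "FALSE":
            findings.append(("warn", "Secure=FALSE: cookie not restricted to HTTPS"))
        if samesite not in SAMESITE_VALUES:
            findings.append(("error", f"invalid SameSite value {raw_samesite!r}"))
        elif samesite == "NONE":
            # The page requires Secure=TRUE whenever SameSite is None.
            if secure != "TRUE":
                findings.append(("error", "SameSite=None requires Secure=TRUE"))
            findings.append(("note", "SameSite=None: cookie sent in all contexts"))
    return findings

# Constructed sample fragments (not taken from a real deployment).
WEAK = """<INTERFACE_TO_CONNECTOR><HTTP>
  <SESSION_COOKIE SameSite="None" Secure="FALSE"></SESSION_COOKIE>
</HTTP></INTERFACE_TO_CONNECTOR>"""

HARDENED = """<INTERFACE_TO_CONNECTOR><HTTP>
  <SESSION_COOKIE Secure="TRUE"></SESSION_COOKIE>
</HTTP></INTERFACE_TO_CONNECTOR>"""

if __name__ == "__main__":
    for name, fragment in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_session_cookie(fragment))
```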
Secure session cookie in web.xml
Note: If using a Java Enterprise Edition (J2EE) server, the secure
flag needs to be configured in the web.xml file as shown in the example:
<web-app>
  ...
  <session-config>
    <cookie-config>
      <secure>true</secure>
    </cookie-config>
  </session-config>
</web-app>
Parent elements
This element is a child of the HTTP element.