Is there any way to set SameSite=None when removing the q_session cookie in Quarkus?


In Quarkus OIDC, it seems q_session can be set with SameSite=None for authentication, but that setting does not seem to take effect when the cookie is removed.

Quarkus code: https://github.com/quarkusio/quarkus/blob/3.2/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java#L347C17-L347C29

    // Excerpt from io.quarkus.oidc.runtime.OidcUtils (Quarkus 3.2). The cookie is
    // removed by blanking its value and setting Max-Age=0; only Path and Domain
    // are re-applied to the deletion cookie here.
    static void removeCookie(RoutingContext context, ServerCookie cookie, OidcTenantConfig oidcConfig) {
        if (cookie != null) {
            cookie.setValue("");
            cookie.setMaxAge(0);
            Authentication auth = oidcConfig.getAuthentication();
            setCookiePath(context, auth, cookie);
            if (auth.cookieDomain.isPresent()) {
                cookie.setDomain(auth.cookieDomain.get());
            }
        }
    }

My OIDC IdP supports SLO using an iframe, but the iframe does not set the cookie unless it is set with SameSite=None, so the session cookie remains. Is there any way to set SameSite=None when removing the cookie in Quarkus OIDC?

Quarkus version: 3.2.0.Final


There is 1 best solution below


As a simple solution, you can set sameSite after a manual logout like below:

    import io.quarkus.oidc.OidcSession
    import io.vertx.core.http.CookieSameSite
    import io.vertx.core.http.impl.ServerCookie
    import io.vertx.ext.web.RoutingContext
    import jakarta.inject.Inject
    import jakarta.ws.rs.GET
    import jakarta.ws.rs.Path
    import jakarta.ws.rs.core.Response
    import java.net.URI
    @Path("/")
    class LogoutResource {
        @Inject var oidcSession: OidcSession? = null
        @Inject var routingContext: RoutingContext? = null
        @GET
        @Path("/logout")
        fun logout(): Response {
            // Ends the local OIDC session; Quarkus marks q_session for removal (Max-Age=0)
            oidcSession?.logout()?.await()?.indefinitely()

            // Re-apply SameSite=None; Secure so the browser accepts the deletion
            // cookie when this endpoint is loaded inside the IdP's SLO iframe
            val cookie = routingContext?.cookieMap()?.get("q_session") as? ServerCookie
            if (cookie != null) {
                cookie.sameSite = CookieSameSite.NONE
                cookie.isSecure = true
            }

            return Response
                .status(Response.Status.FOUND)
                .location(URI("server-url/logout.html"))
                .build()
        }
    }