
Latest revision as of 15:48, 30 March 2022

Enabling SameSite Cookie

   KB 24416        Last updated on 2022-03-30  





Overview

From Kepler-Patch-24 and Joule-Patch-31 onwards, customers can use the SameSite cookie attribute for additional security when using the Web App.

Enabling SameSite cookie

A localconfig attribute, zimbra_same_site_cookie, has been added. Its default value is Strict. To change the value, run the following commands as the zimbra user:

  • To enable the SameSite cookie in Lax mode:
      zmlocalconfig -e zimbra_same_site_cookie=Lax
  • To disable the SameSite cookie:
      zmlocalconfig -e zimbra_same_site_cookie=None
  • Restart the zmmailboxdctl service for the change to take effect:
      zmmailboxdctl restart

With None, the browser applies no same-site restriction to the cookie, so the default of Strict is the most restrictive of the three settings.

Verifying SameSite cookie

The value of the SameSite cookie can be verified through the browser's developer console. Navigate to Storage -> Cookies and click on the Web App link. In the table, check the value of SameSite for ZM_AUTH_TOKEN. It should be Strict if the value is set to Strict, Lax if the value is set to Lax, and None if the cookie is disabled.
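The same check can be scripted against saved response headers instead of the browser console. The following is an added example, not part of the original article or of Zimbra's tooling; the function names samesite_of and check_samesite and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the SameSite attribute of ZM_AUTH_TOKEN in saved headers.

# samesite_of NAME: reads HTTP response headers on stdin and prints the
# SameSite value of the first Set-Cookie header for cookie NAME, "unset" if
# that cookie carries no SameSite attribute, "missing" if it is never set.
samesite_of() {
    awk -v name="$1" '
        BEGIN { result = "missing" }
        tolower($0) ~ /^set-cookie:/ {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            sub(/^[^:]*:[ \t]*/, "", line)    # drop the header name
            n = split(line, parts, ";")
            split(parts[1], nv, "=")          # first part is name=value
            if (nv[1] != name) next
            result = "unset"
            for (i = 2; i <= n; i++) {
                attr = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", attr)
                # attribute names are case-insensitive
                if (tolower(attr) ~ /^samesite=/) result = substr(attr, 10)
            }
            exit
        }
        END { print result }
    '
}

# check_samesite EXPECTED: reads headers on stdin; succeeds only if the
# ZM_AUTH_TOKEN cookie carries SameSite=EXPECTED (compared case-insensitively).
check_samesite() {
    actual=$(samesite_of ZM_AUTH_TOKEN)
    [ "$(printf %s "$actual" | tr 'A-Z' 'a-z')" = "$(printf %s "$1" | tr 'A-Z' 'a-z')" ]
}

# Constructed sample headers (not captured from a real server).
SAMPLE_HEADERS='HTTP/1.1 200 OK
Set-Cookie: OTHER_COOKIE=1; Path=/
Set-Cookie: ZM_AUTH_TOKEN=0_constructed_token; Path=/; Secure; HttpOnly; SameSite=Lax
Content-Type: text/html'

printf '%s\n' "$SAMPLE_HEADERS" | samesite_of ZM_AUTH_TOKEN
```

Pass the value configured in zimbra_same_site_cookie to check_samesite; a result of "unset" or "missing" means the headers do not show the attribute on ZM_AUTH_TOKEN at all.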
