Enabling SameSite Cookie



   KB 24416        Last updated on 2022-03-30  



From Kepler-Patch-24 and Joule-Patch-31 onwards, customers can use the SameSite cookie for additional security when using the Web App.

Enabling SameSite cookie

A localconfig attribute, zimbra_same_site_cookie, has been added. Its default value is Strict. To change the value, run the following commands as the zimbra user:

  • To enable the SameSite cookie in Lax mode:
        zmlocalconfig -e zimbra_same_site_cookie=Lax
  • To disable the SameSite cookie:
        zmlocalconfig -e zimbra_same_site_cookie=None
  • Restart the zmmailboxdctl service to make the changes effective:
        zmmailboxdctl restart

Verifying SameSite cookie

The value of the SameSite cookie can be verified through the browser's developer console. Navigate to Storage -> Cookies and click on the Web App link. In the table, check the value of SameSite for ZM_AUTH_TOKEN. It should be Strict if the value is set to Strict, Lax if the value is set to Lax, and None if the cookie is disabled.
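The same check can be scripted against saved response headers instead of the browser table. The following is an added example, not part of the original KB article or of Zimbra's tooling: the function names cookie_flags and check_samesite are hypothetical, and the sample headers and token value are constructed.

```shell
#!/bin/sh
# Constructed sample response headers (the token value is a placeholder).
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: ZM_TEST=true; Path=/
Set-Cookie: ZM_AUTH_TOKEN=0_placeholder; Path=/; Secure; HttpOnly; SameSite=Strict
'

# cookie_flags NAME: read HTTP response headers on stdin and print
# "<SameSite value> <secure|insecure>" for cookie NAME. The SameSite field is
# "absent" when the attribute is not set; prints "missing-cookie" when no
# Set-Cookie header carries NAME.
cookie_flags() {
    awk -v name="$1" '
        BEGIN { out = "missing-cookie" }
        tolower($0) ~ /^set-cookie:/ {
            sub(/\r$/, "")                  # HTTP header lines end in CRLF
            n = split(substr($0, 12), part, ";")
            gsub(/^[ \t]+|[ \t]+$/, "", part[1])
            if (index(part[1], name "=") != 1) next   # a different cookie
            ss = "absent"; sec = "insecure"
            for (i = 2; i <= n; i++) {
                a = part[i]; gsub(/^[ \t]+|[ \t]+$/, "", a)
                la = tolower(a)             # attribute names are case-insensitive
                if (la == "secure") sec = "secure"
                if (index(la, "samesite=") == 1) ss = substr(a, 10)
            }
            out = ss " " sec
        }
        END { print out }
    '
}

# check_samesite EXPECTED: return 0 when ZM_AUTH_TOKEN in the headers on stdin
# carries the SameSite value configured in zimbra_same_site_cookie.
check_samesite() {
    flags=$(cookie_flags ZM_AUTH_TOKEN | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # Browsers such as Chrome reject SameSite=None cookies that lack Secure.
    [ "$flags" = "none insecure" ] &&
        echo "WARN: ZM_AUTH_TOKEN has SameSite=None without Secure" >&2
    [ "${flags%% *}" = "$want" ]
}

printf '%s' "$SAMPLE_HEADERS" | check_samesite Strict &&
    echo "ZM_AUTH_TOKEN SameSite matches the configured value"
```

Pipe the headers of a login response into check_samesite with the value configured for zimbra_same_site_cookie; a non-zero exit status means the cookie does not carry that value.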
