The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Enabling SameSite Cookie

KB 24416	Last updated on 2022-03-30	Last updated by Dawood Shaikh	0.00 (0 votes)	Verified in: ZCS 8.5 ZCS 8.0
- This article is a Community contribution and may include unsupported customizations.

KB 24416	Last updated on 2022-03-30
0.00 (0 votes)
- This article is a Community contribution and may include unsupported customizations.

- This article is a Work in Progress, and may be unfinished or missing sections.

Overview

From Kepler-Patch-24 and Joule-Patch-31 onwards, customers can now make use of SameSite cookie for additional security when using the Web App.

Enabling SameSite cookie

A localconfig attribute zimbra_same_site_cookie has been added. The default value is set to Strict. To change the value, execute the following command as a zimbra user:

To enable the SameSite cookie in Lax mode:

zmlocalconfig -e zimbra_same_site_cookie=Lax

To disable the SameSite cookie:

zmlocalconfig -e zimbra_same_site_cookie=None

Restart zmmailboxdctl service to make the changes effective:

zmmailboxdctl restart

Verifying SameSite cookie

The value of the SameSite cookie can be verified through the browser's developer console. Navigate to Storage -> Cookies. Click on the Web App link. In the table, check the value of SameSite for ZM_AUTH_TOKEN. It should be set to Strict if the value is set as Strict, Lax If the value is set to Lax, None if the cookie is disabled.

Enabling Samesite Cookie

Contents

Enabling SameSite Cookie

Overview

Enabling SameSite cookie

Verifying SameSite cookie

Products

Support

Learn

Community