Enabling SameSite Cookie
From Kepler-Patch-24 and Joule-Patch-31 onwards, customers can use the SameSite cookie for additional security when using the Web App.
A localconfig attribute zimbra_same_site_cookie has been added. The default value is set to Strict. To change the value, execute the following command as a
- To enable the SameSite cookie in Lax mode:
zmlocalconfig -e zimbra_same_site_cookie=Lax
- To disable the SameSite cookie:
zmlocalconfig -e zimbra_same_site_cookie=None
zmmailboxdctl service to make the changes effective:
The value of the SameSite cookie can be verified through the browser's developer console. Navigate to Storage -> Cookies. Click on the Web App link. In the table, check the value of SameSite for ZM_AUTH_TOKEN. It should be Strict if the value is set to Strict, Lax if the value is set to Lax, and None if the cookie is disabled.
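The same check can be scripted against saved response headers rather than read off the developer console. This is an added example, not part of the Zimbra documentation: the function names are hypothetical, and the sample headers and token value are constructed.

```shell
#!/bin/sh
# samesite_of NAME: HTTP response headers on stdin. Prints the SameSite value
# of cookie NAME, or "absent" if the cookie has no SameSite attribute.
# Exits 1 if the cookie is not set at all.
samesite_of() {
    awk -v name="$1" '
        tolower($0) ~ /^set-cookie:/ {
            line = $0
            sub(/\r$/, "", line)               # header lines end in CRLF
            sub(/^[^:]*:[ \t]*/, "", line)     # drop the "Set-Cookie: " prefix
            n = split(line, part, /;[ \t]*/)   # part[1] is name=value
            if (index(part[1], name "=") != 1) next
            found = 1; value = "absent"
            for (i = 2; i <= n; i++)
                if (tolower(part[i]) ~ /^samesite=/) value = substr(part[i], 10)
            print value
            exit
        }
        END { if (!found) exit 1 }
    '
}

# check_auth_cookie EXPECTED: headers on stdin. Succeeds only when
# ZM_AUTH_TOKEN carries SameSite=EXPECTED (compared case-insensitively).
check_auth_cookie() {
    expected=$1
    actual=$(samesite_of ZM_AUTH_TOKEN) || { echo "ZM_AUTH_TOKEN not set"; return 2; }
    if [ "$(echo "$actual" | tr 'A-Z' 'a-z')" = "$(echo "$expected" | tr 'A-Z' 'a-z')" ]; then
        echo "OK: SameSite=$actual"
    else
        echo "MISMATCH: expected $expected, got $actual"; return 1
    fi
}

# Constructed sample of a login response; cookie values are placeholders.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Set-Cookie: EXAMPLE_OTHER=1; Path=/; Secure\r\n'
    printf 'Set-Cookie: ZM_AUTH_TOKEN=0_placeholder; Path=/; Secure; HttpOnly; SameSite=%s\r\n' "$1"
}

sample_headers Strict | check_auth_cookie Strict
```

Against a real deployment, pass the value configured in zimbra_same_site_cookie and feed in the headers of a login response, for example `check_auth_cookie Lax < saved_headers.txt`.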