Setting the Secure Attributes for the SameSite Cookies (Release 9.2.26.0)
Perform the steps in the following sections to enable the SameSite cookies for the WebLogic and WebSphere application servers.
Enabling SameSite for WebLogic application server
- Stop the Server Manager Console.
- Update the weblogic.xml file and uncomment the following lines:
  <wls:cookie-name>SMCONSOLE_SSID</wls:cookie-name>
  <wls:cookie-path>/manage<!--;SameSite=Lax--></wls:cookie-path>
- Start the Server Manager Console.
Enabling SameSite for WebSphere application server
- Log in to the WebSphere Integrated Solutions Console (usually accessed via a web browser at a URL like http://<your_server>:<port>/ibm/console).
- Navigate to Servers > Server Types > WebSphere application servers, then select the specific application server where your application is deployed.
- Under Server Infrastructure, click Java and Process Management > Process Definition > Java Virtual Machine. Then, under Additional Properties, click Custom Properties.
- Click New to add a new custom property. Set the following:
  - Name: com.ibm.websphere.servlet.cookie.SameSite
  - Value: Strict or Lax (depending on your desired level of restriction)
  - Description (optional): A brief description, for example: SameSite cookie attribute for session management.
- Click Apply, and then click Save.
- If you are in a network deployment environment, synchronize the node where your application server is running. Navigate to System administration > Nodes. Select your Node and click Synchronize.
- After synchronizing, restart the application server for the changes to take effect.
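After the restart on either application server, you can confirm that the session cookie is actually issued with a SameSite attribute. The following check is an added example, not part of the product documentation. It assumes that the uncommented WebLogic cookie path reads /manage;SameSite=Lax and therefore surfaces as a separate attribute in the Set-Cookie header. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the SameSite attribute.
# The sample headers below are constructed, not captured from a real server.

EXPECTED = {"strict", "lax"}  # the two values this page configures

# Constructed samples: the cookie before and after the weblogic.xml change.
SAMPLE_BEFORE = ["SMCONSOLE_SSID=abc123; path=/manage; HttpOnly"]
SAMPLE_AFTER = ["SMCONSOLE_SSID=abc123; path=/manage;SameSite=Lax; HttpOnly"]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, attributes).

    Attribute names are lowercased because they are case-insensitive;
    flag attributes such as HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def check_samesite(set_cookie_headers, cookie_name="SMCONSOLE_SSID"):
    """Classify how the named cookie is issued.

    Returns 'missing-cookie', 'no-samesite', 'unexpected:<value>'
    or 'ok:<value>'.
    """
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        value = attrs.get("samesite")
        if value is None:
            return "no-samesite"
        if value.lower() not in EXPECTED:
            return "unexpected:" + value
        return "ok:" + value
    return "missing-cookie"


if __name__ == "__main__":
    print("before:", check_samesite(SAMPLE_BEFORE))
    print("after: ", check_samesite(SAMPLE_AFTER))
```

Pass in the Set-Cookie values observed in the browser's developer tools or an intercepting proxy. For WebSphere, pass the name of the session cookie your deployment issues as cookie_name.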