Configuring the SameSite cookie attribute
Configure the SameSite cookie attribute to enable a Domino web server to assert that browsers can only send cookies that originate from the Domino server web site.
About this task
Use of the SameSite cookie attribute reduces the risk of cross-site request forgery (CSRF). You can configure the SameSite cookie in these documents in the Domino directory: Server document, Web Site document (single server), or Web SSO Configuration document (multiple servers). Alternatively, you can configure the attribute through a notes.ini server setting.
Choose one of these values for the attribute:
- Strict Cookies are sent only when browsers directly access the web site of the Domino server from which the cookies originate.
- Lax Cookies are sent when browsers directly or indirectly access the web site of the Domino server from which the cookies originate.
- None Cookies are sent regardless of the web site from which the cookies originate. Requires that HTTPS be enabled.
Configuring the SameSite cookie attribute through the Domino directory
Procedure
-
Find the SameSite cookie attribute field in the Web
document you use:
Document Location of field Server document tab, HTTP Sessions section Web Site document Domino Web Engine tab, HTTP Sessions section Web SSO Configuration document Basics tab, Token Configuration section -
For SameSite cookie attribute, select one of the
following options:
- Strict
- Lax
- None
- Use browser default or INI setting. This setting is the default. Choose this setting if you configure the SameSite cookie through a notes.ini setting on the server or if you don't configure the SameSite cookie and let the browser determine the behavior.
Configuring the SameSite cookie attribute through a notes.ini setting
About this task
- If you configure the web server through a Server document or a single-server Web Site document, use DOMINO_SAMESITE_SINGLESERVER=value
- If you configure the web server through a Web SSO Configuration document, use DOMINO_SAMESITE_MULTISERVERSSO=value
where value is one of the following values representing
the desired SameSite attribute:
| Value | SameSite attribute |
|---|---|
| 1 | Strict |
| 2 | Lax |
| 3 | None |