[[_saml-tomcat-adapter-samesite-setting]] ===== Setting SameSite value for JSESSIONID cookie Browsers are planning to set the default value for the `SameSite` attribute for cookies to `Lax`. This setting means that cookies will be sent to applications only if the request originates in the same domain. This behavior can affect the SAML POST binding which may become non-functional. To preserve full functionality of the SAML adapter, we recommend setting the `SameSite` value to `None` for the `JSESSIONID` cookie created by your container. Not doing so may result in resetting the container's session with each request to {project_name}. NOTE: To avoid setting the `SameSite` attribute to `None`, consider switching to the REDIRECT binding if it is acceptable, or to OIDC protocol where this workaround is not necessary. To set the `SameSite` value to `None` for `JSESSIONID` cookie in Tomcat add following configuration to the`context.xml` of your application. Note, this will set the `SameSite` value to `None` for all cookies created by Tomcat container. [source,xml] ---- ---- WARNING: It is not possible to set the `SameSite` attribute only to a subset of cookies, therefore all cookies created for your application will have this attribute set to `None`. The support for this feature is available in Tomcat from versions 9.0.29 and 8.5.49.