CA Access Gateway SameSite cookie parameter stripped

Document ID : KB000112050
Last Modified Date : 23/08/2018
Show Technical Document Details
Issue:
Backend is returning a cookie like so:

Set-Cookie: mycookie=<cookiedata>; path=/; secure; HttpOnly; SameSite=Strict 

After going through CA Access Gateway (SPS), it becames 

set-cookie: mycookie=<cookiedata>;Path=/;Secure;HttpOnly 
 
Resolution:
Add the following to httpd.conf on the Access Gateway:

Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"

This will add SameSite=Strict to all Set-Cookie headers. If you only need to add SameSite=Strict to certain cookies you need to modify the regex and/or use multiple Header statements.