DRILL-8522: Change session cookie name. Use STRICT sameSite #2985

Merged
rymarm merged 1 commit into apache:master from rymarm:DRILL-8522
May 8, 2025
@rymarm rymarm commented Apr 29, 2025

DRILL-8522: Change session cookie name. Use STRICT sameSite

Drill uses Jetty's default cookie name, JSESSIONID, to store the user session ID.

Because JSESSIONID is a generic name, multiple web services running on the same host can conflict if they use the same cookie name.

Description

Instead of the generic JSESSIONID cookie name, Drill will now use Drill-Session-Id for HTTP and __Secure-Drill-Session-Id for HTTPS. For HTTPS, the __Secure- prefix is used to ensure the cookie is set from a secure origin: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes

Additionally, the cookie's sameSite attribute is now set to STRICT for improved security. More information about this configuration can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#controlling_third-party_cookies_with_samesite

Documentation

-

Testing

Manual tests

@rymarm rymarm requested review from cgivre and jnturton April 29, 2025 19:19
@rymarm rymarm self-assigned this Apr 30, 2025
@cgivre cgivre left a comment

LGTM +1. Please rebase on current master so we can get a clean CI run and then we can merge.

@rymarm rymarm merged commit d0b2ada into apache:master May 8, 2025
7 checks passed
@rymarm rymarm deleted the DRILL-8522 branch May 8, 2025 20:02
cgivre pushed a commit to cgivre/drill that referenced this pull request Mar 25, 2026