"Secure" or "SameSite" cookie attributes for the HAProxy router in OpenShift

Solution Verified - Updated -

Issue

  • The HAProxy version shipped in OpenShift Container Platform to expose Route objects does not support adding attributes like "Secure" or "SameSite" to the issued routing cookies (used to re-target pods).
  • Modern web browsers (e.g. Google Chrome) are changing the default behavior for how cookies will be sent in first- and third-party contexts. As a result, the sticky sessions configured in HAProxy will no longer work.
  • Any cookies used by a site will be considered third-party cookies when the site is displayed within a frame.
  • For cookies needed in a third-party context, it will be required to ensure they are marked as SameSite=None; Secure.
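
A check for the Set-Cookie headers a route returns, added here as an example that is not part of the original article or of Red Hat's code: it parses each header and reports whether the cookie would still be sent when the site is displayed in a frame on another site. It assumes the browser treats a cookie without SameSite as Lax and rejects SameSite=None without Secure; the cookie names and values are constructed.

```python
# Added example: audit Set-Cookie headers for use in a third-party (framed) context.
# Assumption: the browser treats a cookie without SameSite as Lax and rejects
# SameSite=None when Secure is absent.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def third_party_verdict(header):
    """Return (cookie name, verdict) for a request made from a cross-site frame."""
    name, _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "none" and secure:
        return name, "sent"
    if samesite == "none":
        return name, "rejected: SameSite=None requires Secure"
    if samesite in ("lax", "strict"):
        return name, "withheld: SameSite=%s" % samesite.capitalize()
    return name, "withheld: no SameSite, treated as Lax"


# Constructed sample headers; cookie names and values are hypothetical.
SAMPLE_HEADERS = [
    "route_cookie=0123abcd; path=/; HttpOnly",
    "route_cookie=0123abcd; path=/; HttpOnly; Secure; SameSite=None",
    "route_cookie=0123abcd; path=/; SameSite=None",
    "app_session=xyz; Path=/; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print("%-14s %s" % third_party_verdict(h))
```

Only the second sample header yields a cookie that survives framing, which is the case the sticky session depends on.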

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 3.11
    • 4.1, 4.2, 4.3
  • HAProxy 1.8.23 or lower
