"Secure" or "SameSite" attributes cookies for the HAProxy router in OpenShift

Solution Verified - Updated -

Issue

  • The HAproxy version shipped in OpenShift Container Platform to expose Routeobjects does not support adding attributes like "Secure" or "SameSite" to the issued routing cookies (used to re-target pods).
  • Modern web browsers (e.g.: Google Chrome) are changing the default behavior for how cookies will be sent in first and third party contexts. As a result, the sticky sessions configured in HAproxy will no longer work.
  • Any cookies used by a site will be considered as third-party cookies when the site is displayed within the frame.
  • For cookies needed in a third-party context, it will be required to ensure they are marked as SameSite=None; Secure.

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 3.11
    • 4.1, 4.2, 4.3
  • HAproxy 1.8.23 or lower

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content