#dominoforever | Product Ideas Portal


Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

DomAuthSessId with SameSite attribute

Add the SameSite attribute to the DomAuthSessId cookie so we can still send requests to the database via localhost.


Message from Chrome:

A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
  • Guest
  • Dec 11 2019
  • Likely to implement
  • Attach files
  • Guest commented
    12 Nov, 2020 02:07pm

    This is not an option. This is a must have.

  • Guest commented
    19 Oct, 2020 10:18am

    It's about time, we really need this now. We're facing iframe integration problems with the new edge browser now as well. At Domino generated Cookies(mainly Auth, but also SessionID and so on) should have a configurable option for handling the samesite attibute.

  • Guest commented
    5 Oct, 2020 06:22am

    Please make this happen soon!

  • Guest commented
    7 Jul, 2020 02:26pm

    For reference please see => https://web.dev/samesite-cookies-explained/

  • Guest commented
    7 Jul, 2020 02:24pm

    Also LPTA authentication cookies too!

  • Guest commented
    19 Mar, 2020 07:27am

    Soon all our customers will be updated:


  • Guest commented
    19 Mar, 2020 07:24am

    We are now experiencing issues due to rollout Chrome 80...

  • Guest commented
    19 Mar, 2020 07:02am

    We already received the first issues with our customers. We really need to have this in Domino! We run Xpages inside a 'Outlook 365 add-in' and currently this change breaks our application now, users can not log in Domino anymore because this uses iframes.

  • Guest commented
    3 Mar, 2020 09:09am

    Chrome is rolling out the samesite checks so this is urgent now, others will follow more soon than later.

    However, this not only applies to the DomAuthSessId and LTPATokens, it should generally be honored for ALL cookies that the server generates upon itself, e.g. the SessionID-cookie to identify the XPage session. Maybe it could be possible to configure it by notes.ini params for individual cookie names wheather one should be accessorized with the correct samesite attributes.

    We use xpages in iframe environments so not having the correct samesite attributes breaks our domino business apps integrations in connections for example.

  • Guest commented
    3 Jan, 2020 04:18am

    This gets my vote, this should be made available urgently.

    Add a SameSite field with options None,Lax and Secure to the Web SSO configuration, next to Require SSL protected communication (HTTPS) and Restrict use of the SSO token to HTTP/HTTPS. 


    The missing SameSite on the LtpaToken always comes up in Penetration Tests.