https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-SameSite-doesn-t-work-with-insecure-sites-HTTP/ta-p/1758476 <P>In Qlik Sense, when enabling the SameSite attribute and HasSecure attributes for a non-secure site (<FONT face="courier new,courier">http://</FONT>), the browser still refuses to set up the cookie.<BR /><BR /><STRONG>Environments:</STRONG></P> <UL> <LI>Qlik Sense Enterprise for Windows November 2018 and later</LI> </UL> <P>&nbsp;</P> <P>For the SameSite attribute to work, it is a requirement to use a secure site (<FONT face="courier new,courier">https://</FONT>)<BR />The only reason why there is the option to enable HasSecure and SameSite for HTTP in Qlik Sense is to facilitate the integration with a reverse proxy using SSL offloading.<BR />In that use case, the connection between the end user and the reverse proxy will be HTTPS but the communication between the reverse proxy and Qlik Sense will be HTTP.<BR />The connection will be seen as HTTPS in the end user's browser and the browser will allow the cookie to be set.<BR /><BR />Read more about SSL offloading:<BR /><A href="https://en.wikipedia.org/wiki/TLS_termination_proxy" target="_blank" rel="noopener" data-cke-saved-href="https://en.wikipedia.org/wiki/TLS_termination_proxy">https://en.wikipedia.org/wiki/TLS_termination_proxy</A><BR /><BR />Information about how to set up SameSite in Qlik Sense:<BR /><A href="https://community.qlik.com/t5/Qlik-Support-Knowledge-Base/Qlik-Sense-Missing-SameSite-attribute-now-blocks-requests-in/ta-p/1712551" target="_blank" rel="noopener" data-cke-saved-href="https://community.qlik.com/t5/Qlik-Support-Knowledge-Base/Qlik-Sense-Missing-SameSite-attribute-now-blocks-requests-in/ta-p/1712551">Missing SameSite attribute blocks requests in Chrome 80 and later - Too many sessions in parallel</A></P> Wed, 04 Nov 2020 15:12:51 GMT Sonja_Bauernfeind 2020-11-04T15:12:51Z https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-SameSite-doesn-t-work-with-insecure-sites-HTTP/ta-p/1758476 <P>In Qlik Sense, when enabling the SameSite attribute and HasSecure attributes for a non-secure site (<FONT face="courier new,courier">http://</FONT>), the browser still refuses to set up the cookie.<BR /><BR /><STRONG>Environments:</STRONG></P> <UL> <LI>Qlik Sense Enterprise for Windows November 2018 and later</LI> </UL> <P>&nbsp;</P> <P>For the SameSite attribute to work, it is a requirement to use a secure site (<FONT face="courier new,courier">https://</FONT>)<BR />The only reason why there is the option to enable HasSecure and SameSite for HTTP in Qlik Sense is to facilitate the integration with a reverse proxy using SSL offloading.<BR />In that use case, the connection between the end user and the reverse proxy will be HTTPS but the communication between the reverse proxy and Qlik Sense will be HTTP.<BR />The connection will be seen as HTTPS in the end user's browser and the browser will allow the cookie to be set.<BR /><BR />Read more about SSL offloading:<BR /><A href="https://en.wikipedia.org/wiki/TLS_termination_proxy" target="_blank" rel="noopener" data-cke-saved-href="https://en.wikipedia.org/wiki/TLS_termination_proxy">https://en.wikipedia.org/wiki/TLS_termination_proxy</A><BR /><BR />Information about how to set up SameSite in Qlik Sense:<BR /><A href="https://community.qlik.com/t5/Qlik-Support-Knowledge-Base/Qlik-Sense-Missing-SameSite-attribute-now-blocks-requests-in/ta-p/1712551" target="_blank" rel="noopener" data-cke-saved-href="https://community.qlik.com/t5/Qlik-Support-Knowledge-Base/Qlik-Sense-Missing-SameSite-attribute-now-blocks-requests-in/ta-p/1712551">Missing SameSite attribute blocks requests in Chrome 80 and later - Too many sessions in parallel</A></P> Wed, 04 Nov 2020 15:12:51 GMT https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-SameSite-doesn-t-work-with-insecure-sites-HTTP/ta-p/1758476 Sonja_Bauernfeind 2020-11-04T15:12:51Z