In Qlik Sense, when enabling the SameSite attribute and HasSecure attributes for a non-secure site (http://), the browser still refuses to set up the cookie.
Environments:
- Qlik Sense Enterprise for Windows November 2018 and later
For the SameSite attribute to work, it is a requirement to use a secure site (https://)
The only reason why there is the option to enable HasSecure and SameSite for HTTP in Qlik Sense is to facilitate the integration with a reverse proxy using SSL offloading.
In that use case, the connection between the end user and the reverse proxy will be HTTPS but the communication between the reverse proxy and Qlik Sense will be HTTP.
The connection will be seen as HTTPS in the end user's browser and the browser will allow the cookie to be set.
Read more about SSL offloading:
https://en.wikipedia.org/wiki/TLS_termination_proxy
Information about how to set up SameSite in Qlik Sense:
Missing SameSite attribute blocks requests in Chrome 80 and later - Too many sessions in parallel
