How to set SameSite=Strict and httponly=true for KEYCLOAK_SESSION cookie in Keycloak 26?

AakankshaGh · November 24, 2025, 9:14am

I’m using Keycloak 26 and I want to set the KEYCLOAK_SESSION cookie with SameSite=Strict and HttpOnly=true. Is there any way to configure this in Keycloak?

Topic		Replies	Views
Can we set HttpOnly flag to KEYCLOAK_SESSION cookie?	0	1096	November 9, 2020
Set Keycloak_session HTTPOnly Securing applications saml	0	1199	June 7, 2021
How to change from SameSite=none to SameSite=Lax in KEYCLOAK_SESSION cookie? Getting advice authentication , oidc	3	5182	June 18, 2024
How to set the secure flag for cookie KEYCLOAK_SESSION	2	8872	September 28, 2021
Kc_session Secure flag	0	1191	December 10, 2021

How to set SameSite=Strict and httponly=true for KEYCLOAK_SESSION cookie in Keycloak 26?

Related topics