2 files changed, 42 insertions, 19 deletions

diff --git a/src/main/java/org/traccar/web/CsvBuilder.java b/src/main/java/org/traccar/web/CsvBuilder.java
index 3fe7e408f..b962be072 100644
--- a/src/main/java/org/traccar/web/CsvBuilder.java
+++ b/src/main/java/org/traccar/web/CsvBuilder.java
@@ -21,7 +21,6 @@ import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Comparator;
 import java.util.Date;
 import java.util.Map;
 import java.util.SortedSet;
@@ -45,23 +44,21 @@ public class CsvBuilder {
     private void addLineEnding() {
         builder.append(LINE_ENDING);
     }
+
     private void addSeparator() {
         builder.append(SEPARATOR);
     }
 
     private SortedSet<Method> getSortedMethods(Object object) {
         Method[] methodArray = object.getClass().getMethods();
-        SortedSet<Method> methods = new TreeSet<>(new Comparator<Method>() {
-            @Override
-            public int compare(Method m1, Method m2) {
-                if (m1.getName().equals("getAttributes") && !m1.getName().equals(m2.getName())) {
-                    return 1;
-                }
-                if (m2.getName().equals("getAttributes") && !m1.getName().equals(m2.getName())) {
-                    return -1;
-                }
-                return m1.getName().compareTo(m2.getName());
+        SortedSet<Method> methods = new TreeSet<>((m1, m2) -> {
+            if (m1.getName().equals("getAttributes") && !m1.getName().equals(m2.getName())) {
+                return 1;
+            }
+            if (m2.getName().equals("getAttributes") && !m1.getName().equals(m2.getName())) {
+                return -1;
             }
+            return m1.getName().compareTo(m2.getName());
         });
         methods.addAll(Arrays.asList(methodArray));
         return methods;
diff --git a/src/main/java/org/traccar/web/WebServer.java b/src/main/java/org/traccar/web/WebServer.java
index 12fa80d10..44d78cd27 100644
--- a/src/main/java/org/traccar/web/WebServer.java
+++ b/src/main/java/org/traccar/web/WebServer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012 - 2019 Anton Tananaev (anton@traccar.org)
+ * Copyright 2012 - 2020 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
  */
 package org.traccar.web;
 
+import org.eclipse.jetty.http.HttpCookie;
 import org.eclipse.jetty.http.HttpMethod;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.proxy.AsyncProxyServlet;
@@ -32,6 +33,7 @@ import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.servlet.ServletContainer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.traccar.api.DateParameterConverterProvider;
 import org.traccar.config.Config;
 import org.traccar.api.AsyncSocketServlet;
 import org.traccar.api.CorsResponseFilter;
@@ -44,6 +46,7 @@ import org.traccar.config.Keys;
 
 import javax.servlet.DispatcherType;
 import javax.servlet.ServletException;
+import javax.servlet.SessionCookieConfig;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.File;
@@ -75,12 +78,8 @@ public class WebServer {
 
         ServletContextHandler servletHandler = new ServletContextHandler(ServletContextHandler.SESSIONS);
 
-        int sessionTimeout = config.getInteger("web.sessionTimeout");
-        if (sessionTimeout > 0) {
-            servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
-        }
-
         initApi(config, servletHandler);
+        initSessionConfig(config, servletHandler);
 
         if (config.getBoolean("web.console")) {
             servletHandler.addServlet(new ServletHolder(new ConsoleServlet()), "/console/*");
@@ -161,12 +160,39 @@ public class WebServer {
         }
 
         ResourceConfig resourceConfig = new ResourceConfig();
-        resourceConfig.registerClasses(JacksonFeature.class, ObjectMapperProvider.class, ResourceErrorHandler.class);
-        resourceConfig.registerClasses(SecurityRequestFilter.class, CorsResponseFilter.class);
+        resourceConfig.registerClasses(
+                JacksonFeature.class, ObjectMapperProvider.class, ResourceErrorHandler.class,
+                SecurityRequestFilter.class, CorsResponseFilter.class, DateParameterConverterProvider.class);
         resourceConfig.packages(ServerResource.class.getPackage().getName());
         servletHandler.addServlet(new ServletHolder(new ServletContainer(resourceConfig)), "/api/*");
     }
 
+    private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
+        int sessionTimeout = config.getInteger("web.sessionTimeout");
+        if (sessionTimeout > 0) {
+            servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
+        }
+
+        String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
+        if (sameSiteCookie != null) {
+            SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
+            switch (sameSiteCookie.toLowerCase()) {
+                case "lax":
+                    sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
+                    break;
+                case "strict":
+                    sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
+                    break;
+                case "none":
+                    sessionCookieConfig.setSecure(true);
+                    sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
+                    break;
+                default:
+                    break;
+            }
+        }
+    }
+
     public void start() {
         try {
             server.start();