SameSite updates for cookie files
SameSite is a security feature designed to stop third-party domains from creating cookie files until the user has navigated to their website. This feature helps prevent third parties from using browser cookies to keep track of users online and the websites that they visit. In February 2020, the SameSite security feature created by Google for Chrome 80 and later will undergo several changes. The SameSite attribute for cookie files will have to be set to one of the following three values:- Strict prevents all cookie files from being sent.
- Lax prevents some types of cookie files from being sent between websites (images and iFrame). This value is specified by default.
- None does not place any restrictions on cookie files.
Enabling SameSite by default in Google Chrome
To enable the feature, do the following:- Navigate to chrome://flags/
- Enable the SameSite by default cookies mode.
- Restart your browser in order for the changes to take effect.
- Open your website and verify that the development tool console works as intended in your browser.
Enabling SameSite by default in Microsoft Edge
To enable the feature, do the following:- Navigate to edge://flags/
- Enable the SameSite by default cookies mode.
- Restart your browser in order for the changes to take effect.
- Open your website and verify that the development tool console works as intended in your browser.
Updates for other browsers
Other browsers such as Firefox will implement the following changes for dealing with cookie files:- Cookie files without the SameSite attribute will be treated as “SameSite= Lax”. If third-party access is required, update your cookies to have the SameSite attribute.
- Cookie files that require third-party access should have the following attribute: “SameSite=None; Secure”.