Saijo George

Curated by Saijo George


Friday 31 Jan 2020

Test SameSite-by-Default and “SameSite=None; Secure” Cookies Impact on Your Site

Background: With Chrome 80 in February, Chrome will treat cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies with the SameSite=None; Secure setting will be available for external access, provided they are being accessed from secure connections.

Here is an overview of the steps you can take to test your site against Chrome’s new SameSite-by-default cookie behaviour, and tips for debugging cookie issues that may be related. Please use Chrome 80 or newer (Beta included). (Older versions of Chrome may implement subtly different SameSite behaviour, particularly for Chrome extensions, and may not include the debugging tools mentioned below.) You can check your version number by typing chrome://version into the browser bar.

Enable the new SameSite behaviour:

    1. Go to chrome://flags and search for #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure. Set both of them to “Enabled”.
    2. Restart Chrome for the changes to take effect.
    3. Verify that your browser is applying the correct SameSite behavior by visiting this test site and checking that all rows are green.
    4. Thoroughly test site functionality, with a focus on anything involving federated login flows, multiple domains, or cross-site embedded content (images, videos, etc.).
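
Before clicking through the site, it helps to list which cookies are affected. The following is an added example, not part of the original article or of Chrome's tooling: it classifies `Set-Cookie` header values by how the behaviour described above treats them. The function names and sample headers are constructed for illustration.

```javascript
// Added example: predicts how Chrome 80+ (both flags enabled) handles a cookie,
// based only on its Set-Cookie attributes. Function names are hypothetical.
function classifySetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const name = (parts[0] || '').split('=')[0].trim();
  let sameSite = null; // null means the attribute was not declared
  let secure = false;
  for (const attr of parts.slice(1)) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : attr.slice(eq + 1).trim().toLowerCase();
    if (key === 'secure') secure = true;
    if (key === 'samesite') sameSite = value; // a repeated attribute: last one wins here
  }
  let treatment;
  if (sameSite === null) treatment = 'lax-by-default'; // no declared value
  else if (sameSite === 'none') treatment = secure ? 'cross-site-ok' : 'rejected';
  else if (sameSite === 'lax' || sameSite === 'strict') treatment = 'explicit';
  else treatment = 'unrecognized'; // not None/Lax/Strict: flag for manual review
  return { name, sameSite, secure, treatment };
}

// Return the cookies whose cross-site availability changes under the new
// behaviour: the ones to check in federated login and embedded-content flows.
function auditCookies(headers) {
  return headers
    .map(classifySetCookie)
    .filter((c) => c.treatment === 'lax-by-default' || c.treatment === 'rejected');
}

// Constructed sample headers, not captured from a real site.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly',
  'sso_token=xyz; Path=/; Secure; SameSite=None',
  'widget_id=42; SameSite=None',
  'prefs=dark; Secure; SameSite=Strict',
];

for (const c of auditCookies(SAMPLE_HEADERS)) {
  console.log(`${c.name}: ${c.treatment}`);
}
```

A cookie reported as `lax-by-default` only matters if something reads it in a cross-site context; one reported as `rejected` is dropped when #cookies-without-same-site-must-be-secure is enabled.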