How To Prepare For The Google Chrome SameSite Cookie Update


Google is updating the cookie settings for Chrome V80 on the 4th February 2020. The updates could potentially affect cookie-reliant functionality on your website.

Cookies that have not been prepared for the change won't work in the Chrome browser, which has 64% of the overall browser market, according to StatCounter.

Background Information About Cookies

Cookies that are set in the browser have several different properties, such as Name, Value, Domain, Expiry and Size. However, the two properties that we are interested in are SameSite and Secure.

The SameSite cookie flag is designed to determine what data is sent with each request. At the moment, all cookie data is sent with every request.

Hence the security risk, as CSRF tokens get sent with each request. Setting the flag to None, Lax or Strict defines how accessible you want your cookie values to be.

For instance:

Strict:

Cookies wouldn't be shared with any 3rd parties, and all 3rd party cookie requests are nullified. Only the site that sets the cookie can access it, on the same domain, e.g. your-website.com.

Lax:

The new default from February. Cookies are only set when the domain in the URL of the browser matches the domain of the cookie (1st party cookies), including specified subdomains within your domain.

None:

This setting allows you to have both 1st party cookies (cookies from your website) and 3rd party cookies (cookies from any external websites). This is the default before the update on the 4th of February.

Note there is a slight anomaly with Google Analytics, as it creates 1st party cookies through a 3rd party script. Finally, the Secure attribute should be enabled to ensure cookies are set and sent over HTTPS.

What Is The Change?

Google first announced in May last year that cookies that do not include the "SameSite=None" and "Secure" labels won't be accessible by third parties, such as ad tech companies, in Chrome version 80 and beyond.

In other words, the default setting is changing from None (which allows 3rd party cookies) to Lax (which does not allow 3rd party cookies). All 3rd party cookies must be secure to ensure they are using HTTPS requests.

The official launch day is February 4th (Tuesday), 2020.
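To check your own cookies against the rules above, here is an added example (not part of the original article) that classifies `Set-Cookie` header values the way the Chrome 80 defaults treat them: a missing SameSite becomes Lax, and SameSite=None without Secure is rejected. The function names and sample headers are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not taken from any real site).
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly',
  'widget=xyz; SameSite=None',
  'tracker=42; SameSite=None; Secure',
  'csrf=tok; SameSite=Strict; Secure',
  'prefs=dark; samesite=lax',
];

// Pull out the cookie name plus the two attributes the Chrome 80 change looks at.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    // Attribute names are case-insensitive, so compare in lower case.
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'samesite') cookie.sameSite = value;
    if (key === 'secure') cookie.secure = true;
  }
  return cookie;
}

// Classify one header: effective SameSite mode and whether 3rd party requests carry it.
function auditSetCookie(header) {
  const { name, sameSite, secure } = parseSetCookie(header);
  if (sameSite === 'none') {
    return secure
      ? { name, effective: 'None', thirdParty: true, action: 'none' }
      : { name, effective: 'rejected', thirdParty: false, action: 'add Secure and serve over HTTPS' };
  }
  if (sameSite === 'strict' || sameSite === 'lax') {
    const effective = sameSite === 'strict' ? 'Strict' : 'Lax';
    return { name, effective, thirdParty: false, action: 'none' };
  }
  // Attribute missing (or value not recognised): the new Lax default applies.
  return { name, effective: 'Lax', thirdParty: false,
    action: 'if needed cross-site, set SameSite=None; Secure' };
}

function auditAll(headers) {
  return headers.map(auditSetCookie);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name}: ${r.effective} (3rd party: ${r.thirdParty}) -> ${r.action}`);
}
```

Feed it the `Set-Cookie` values your own site and embedded services return; any row marked `rejected`, or `Lax` on a cookie that must work in a 3rd party context, needs changing before the rollout.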

To view the full article, please check it out over at The Digital Den.
