Google Chrome 80 Cookie Change – we are ready!
24. January 2020 | Go Back



In May, Chrome announced a secure-by-default model for cookies, enabled by a new cookie classification system.
Chrome plans to implement the new model with Chrome 80 in February 2020. Mozilla and Microsoft have also indicated an intent to implement the new model in Firefox and Edge, on their own timelines.

What does it mean?

Today, if a cookie is only intended to be accessed in a first-party context, the developer has the option to apply one of two settings (SameSite=Lax or SameSite=Strict) to prevent external access. However, very few developers follow this recommended practice, leaving a large number of same-site cookies needlessly exposed to threats.

Google Chrome 80 introduces a new default cookie attribute setting of SameSite=Lax. Previously, the SameSite cookie attribute defaulted to SameSite=None. Developers must use a new cookie setting, SameSite=None, to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute must be used so cross-site cookies can only be accessed over HTTPS connections.
This won’t mitigate all risks associated with cross-site access but it will provide protection against network attacks.
So, to get ready for the changes, enable the global security preference to Enforce HTTPS. Also, test to see if client-side JavaScript code requires adjustments and to make sure that third-party integrations work as expected



These Chrome changes are right around the corner and DoAff.net programmers can surely approve that we are ready. For our customers, nothing will change and all “Cookie tracking” will be as effective as it was before.

Leave a comment

Name
Email
Message
 

Comments

No commments yet.

Relevant posts