Page 44 - Payout Magazine Online Volume 10.02
P. 44
Chrome
Samesite
Cookie Change
And What It
Means
The Google Chrome Announcement tracked across websites by third-party cookies. The console issues warnings when cross-
On February 4th, the default for all cookies site cookies are located on a page lacking
Chrome made an announcement in May of not set with a matching browser for the URL the required settings. When the warnings are
2019 that a secure-by-default model was browser domain and the cookie domain of the displayed, the reason may be the improper
under development for handling cookies. The user will default to SameSite=Lax. configuration of support features on the
intention is ensuring browsing is faster and website.
more secure. The goal is increasing control, A secure flag will be required for all
choice and transparency. Users should know if SameSite=None labeled cookies prior to being Previous versions of Chrome have also
any tracking is taking place, by whom and how created and sent for HTTPS requests. Cross- displayed Developer Tools warnings including
the information being shared can be controlled. site sharing is restricted by the SameSite=Strict Chrome 77. The possible exceptions include
As the possibility of cross-site attacks and designation. This remains true when one instances where a pair of redundant cookies
privacy issues increase, Chrome is changing publisher owns both domains. According are issued by a service. One cookie will have the
cookie policies for the protection of the users. to Microsoft Edge and Mozilla Foxfire, the new Chrome settings. The other legacy settings
SameSite=Lax default will be adopted. for incompatibility. In this instance, the legacy
The changes will significantly affect cookie will trigger a warning despite the service
all companies reliant on cookies including Launch Timing working correctly.
publishers and advertisers. To prevent
disruptions, Chrome users need to make The release of Chrome 80 is expected Specifications
advance preparations. As of February 4th, to take place on February 4th, 2020. The
2020, third-party cookies will no longer be cookie classification system will be enforced None: Sites receiving third-party requests
sent by Chrome for cross-site requests. The by Chrome later in the month beginning with are able to share cookies. Cookies are
exception is cookies flagged and secured a small percentage of users. As time passes, accessible from the browser of the user. None
through SameSite, an IETF standard. Third the percentage will be increased. Information is the current Chrome default.
parties will no longer be able to access cookies is being released regarding the timing of the
without the Secure and SameSite=None labels rollout and process. SameSite=None: All third-party cookies are
for Chrome version 80 and above. null and void. Cookies can only be accessed
Developer Tools Console Warnings by the site setting the cookie using the same
The Secure and SameSite=None domain.
Labels The new Chrome approach will be used
by certain Google services. Cookies will be SameSite=Strict: Cookies can only be set
Cookies set and read through HTTPS issued with both legacy settings and new and accessed by sites within the same domain.
connections will receive the Secure label. The settings. This means users may receive Google The user can land right on the site or come from
SameSite cookie default through Chrome cookie warnings from the Developer Tools another site.
is currently none. This means users can be console despite the service working correctly.
44 PAYOUTMAGAZINE
