3

I am creating a feature that will heavily depend upon cookies with SameSite=None and secure flag set to true as described in https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).

This currently works on all modern browsers.

Is there any speculation that these cookies will be deprecated in the (near) future?

Anshuman Chatterjee
  • 834
  • 5
  • 21

2 Answers2

0

Oh they're trying very hard to destroy 3rd party cookies altogether. Not sure if yours are third party or not.

https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html

"we plan to phase out support for third-party cookies in Chrome. Our intention is to do this within two years"

Already every other Chrome update destroys integrations between sites that depend on the samesite behavior you mention.

This checkin reverted behavior to a more tolerant samesite behavior because a previous samesite change broke so many sites. but it won't last for long. They will re-add it in the future.

https://chromium.googlesource.com/chromium/src/+/fdfe7482acbb6a4f5605103ce7d2956e2336e27e

Dan G
  • 836
  • 11
  • 31
  • The linked change on Google Git talks about when a navigation is considered cross-site, but does it also change the interpretation of the `SameSite` attribute? – Heiko Theißen Aug 31 '23 at 14:45
0

You will probably have to combine it with the "Partitioned" attribute for it to still work after ~Q1 2024:

https://developer.mozilla.org/en-US/docs/Web/Privacy/Partitioned_cookies#browser_compatibility

At this time partitioned cookies are still experimental.

Oliver Wolf
  • 249
  • 4
  • 8