Chrome version 80 onwards and “SameSite” cookie attribute
Chrome version 80 onwards and “SameSite” cookie attribute
Dear PeopleFluent Customers and Partners,
As you may recall in January of this year we advised there was an update expected in the release of Chrome version 80 which impacts the way the browser responds to cookies for security reasons.
This change was delayed due to COVID-19 and Google has recently started to push to all versions of Chrome greater than the version 80 release. Firefox is also making changes in the same area.
As such we’re providing this information for your reference again to make sure you're aware and that we're ready to assist should you find there's any effect experienced. This summary flags some possible areas which could be impacted, in theory, depending on configuration.
What to expect with Chrome version 80 onwards?:
The changes to the browser include processing cookies with greater security by verifying an attribute named “SameSite”. One scenario that has potential for impact is when the browser calls out to another site for more information, such as a login or a file request. That call requesting access to a cookie on the other site may be declined due to this new attribute in version 80 onwards of Google Chrome.
Further detail on this attribute can be found here: https://www.chromium.org/updates/same-site?pli=1
If this change does impact your use of our software or any other sites, it is expected to occur in places such as authentication (Single Sign-On, Active Directory) or calling out to 3rd party sites such as reporting, or content servers. Many authentication providers have created fixes for this version update of Google Chrome, but we recommend your team consider testing in your current browser to see if there are any issues found.
How can I test this if our Chrome version has not yet updated?:
1. Open Google Chrome browser
2. Go to the Navigation bar where you would enter a website address
3. Enter chrome://flags and type in samesite as the keyword and enable the following flags
- chrome://flags/#same-site-by-default-cookies
- chrome://flags/#cookies-without-same-site-must-be-secure
4. Close down Chrome after enabling these boxes
5. Reopen it
6. Check any items on your browser-based websites that could be impacted such as logging in using single sign-on (SSO), using options that open documents, reports, or files that are hosted on 3rd party websites or servers.
Further Information:
https://web.dev/samesite-cookies-explained/
https://blog.chromium.org/2020/05/resuming-samesite-cookie-changes-in-july.html
https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
What can I do if this impacts me?
If you find the PeopleFluent software is not functioning as expected, please report the issue to our support teams through your administrators using the case management system - https://support.peoplefluent.com
If you use an IDP for authentication, please also contact the provider as they may have solutions in place ready for these changes.
Sincerely,
PeopleFluent Support
USA: +1 (800) 841-2365 or +1 (919) 645-2899
UK: +44 (207) 832-3444
Case Management System: https://support.peoplefluent.com
Customer Community: https://customers.peoplefluent.com