Cookies with the SameSite=None in Chrome

[valmeras]

I am using C++ Builder 10.2.3 with Intraweb 15.5.9
I am getting the warning message below in Google Chrome:

"Cookies with the SameSite=None; Secure and not Partitioned attributes that operate in cross-site contexts are third-party cookies. In future Chrome versions, reading third-party cookies will be blocked. This behavior protects user data from cross-site tracking."

The problem is that in IWServercontroller->CookieOptions
Secure= true
But even if I set SameSite=ssoStrict or SameSite=ssoLax

I am always getting the same warning!
I can try to set it in the code in IWServercontroller. But I think it needs to be checked

[Alexandre Machado]

I'll check and get back to you.

Please keep in mind that browsers keep changing their "security" policies and enforcing things that are not even part of any standard.

[Alexandre Machado]

You didn't specify the application type (http.sys, Indy, ISAPI, ASPX), anyway, IntraWeb correctly sets the cookie attributes as expected in the specs.

If you have a 3rd party (or cross-site) cookie you must have both

CookieOptions.SameSite = ssoNone
CookieOptions.Secure = True

and you must use HTTPS only. Any HTTP (not HTTPS) connection will give you this warning because a cross site cookie can't be read in an unprotected HTTP connection.

Using ssoLax or ssoStrict on a 3rd party cookie won't work.

All this is described in detail here: https://developers.google.com/search/blo...one-secure

[valmeras]

OK. Thanks for the response
I found that the error message was related to a Google Ads script which was also forcing the browser to be in "Quirk mode".
So, I just removed Google Ads!

I am going to read the article in details and see if it possible to put the Ads back with the right security level.