Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Cookies with the SameSite=None in Chrome
I am using C++ Builder 10.2.3 with Intraweb 15.5.9
I am getting the warning message below in Google Chrome:

"Cookies with the SameSite=None; Secure and not Partitioned attributes that operate in cross-site contexts are third-party cookies. In future Chrome versions, reading third-party cookies will be blocked. This behavior protects user data from cross-site tracking."

The problem is that in IWServercontroller->CookieOptions
Secure= true
But even if I set SameSite=ssoStrict or SameSite=ssoLax

I am always getting the same warning!
I can try to set it in the code in IWServercontroller. But I think it needs to be checked
I'll check and get back to you.

Please keep in mind that browsers keep changing their "security" policies and enforcing things that are not even part of any standard.
You didn't specify the application type (http.sys, Indy, ISAPI, ASPX), anyway, IntraWeb correctly sets the cookie attributes as expected in the specs.

If you have a 3rd party (or cross-site) cookie you must have both

CookieOptions.SameSite = ssoNone
CookieOptions.Secure = True

and you must use HTTPS only. Any HTTP (not HTTPS) connection will give you this warning because a cross site cookie can't be read in an unprotected HTTP connection.

Using ssoLax or ssoStrict on a 3rd party cookie won't work.

All this is described in detail here:
OK. Thanks for the response
I found that the error message was related to a Google Ads script which was also forcing the browser to be in "Quirk mode".
So, I just removed Google Ads!

I am going to read the article in details and see if it possible to put the Ads back with the right security level.

Forum Jump:

Users browsing this thread: 1 Guest(s)