Atozed Forums
Cookies with the SameSite=None in Chrome - Printable Version




Cookies with the SameSite=None in Chrome - valmeras - 03-27-2024

I am using C++ Builder 10.2.3 with IntraWeb 15.5.9.
I am getting the warning message below in Google Chrome:

"Cookies with the SameSite=None; Secure and not Partitioned attributes that operate in cross-site contexts are third-party cookies. In future Chrome versions, reading third-party cookies will be blocked. This behavior protects user data from cross-site tracking."

The problem is that in IWServercontroller->CookieOptions
Secure= true
But even if I set SameSite=ssoStrict or SameSite=ssoLax, I am always getting the same warning!
I can try to set it in the code in IWServercontroller. But I think it needs to be checked.


RE: Cookies with the SameSite=None in Chrome - Alexandre Machado - 04-03-2024

I'll check and get back to you.

Please keep in mind that browsers keep changing their "security" policies and enforcing things that are not even part of any standard.


RE: Cookies with the SameSite=None in Chrome - Alexandre Machado - 04-08-2024

You didn't specify the application type (http.sys, Indy, ISAPI, ASPX). Anyway, IntraWeb correctly sets the cookie attributes as expected in the specs.

If you have a 3rd party (or cross-site) cookie you must have both

CookieOptions.SameSite = ssoNone
CookieOptions.Secure = True

and you must use HTTPS only. Any HTTP (not HTTPS) connection will give you this warning because a cross site cookie can't be read in an unprotected HTTP connection.

Using ssoLax or ssoStrict on a 3rd party cookie won't work.

All this is described in detail here: https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure


RE: Cookies with the SameSite=None in Chrome - valmeras - 04-08-2024

OK. Thanks for the response.
I found that the error message was related to a Google Ads script which was also forcing the browser to be in "Quirk mode".
So, I just removed Google Ads!

I am going to read the article in detail and see if it is possible to put the Ads back with the right security level.
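
Added example (not part of the thread and not IntraWeb code): a small C++ check that classifies a `Set-Cookie` header value by the attributes the Chrome warning names, so each cookie seen in the browser's network panel can be attributed to the application or to a third-party script. The cookie names and values are constructed placeholders.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>

// What Chrome does with a cookie, judged from its Set-Cookie attributes alone.
enum class Verdict { SameSiteRestricted, Rejected, ThirdPartyWarning, Partitioned };

static std::string lowerTrim(std::string s) {
    auto notSpace = [](unsigned char c) { return !std::isspace(c); };
    s.erase(s.begin(), std::find_if(s.begin(), s.end(), notSpace));
    s.erase(std::find_if(s.rbegin(), s.rend(), notSpace).base(), s.end());
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return std::tolower(c); });
    return s;
}

// Classify the value of one Set-Cookie header (the text after "Set-Cookie:").
Verdict classify(const std::string& header) {
    std::string sameSite = "unset";
    bool secure = false, partitioned = false, first = true;
    std::istringstream in(header);
    std::string part;
    while (std::getline(in, part, ';')) {
        if (first) { first = false; continue; }  // skip the name=value pair
        auto eq = part.find('=');
        std::string key = lowerTrim(part.substr(0, eq));
        if (key == "samesite" && eq != std::string::npos) sameSite = lowerTrim(part.substr(eq + 1));
        else if (key == "secure") secure = true;
        else if (key == "partitioned") partitioned = true;
    }
    // Strict, Lax or unset (Chrome defaults to Lax): not usable as a third-party cookie.
    if (sameSite != "none") return Verdict::SameSiteRestricted;
    if (!secure) return Verdict::Rejected;  // SameSite=None without Secure is refused
    return partitioned ? Verdict::Partitioned : Verdict::ThirdPartyWarning;
}

int main() {
    // Constructed sample headers; names and values are placeholders.
    const char* samples[] = {
        "app_session=abc; Path=/; Secure; HttpOnly; SameSite=Strict",
        "ads_id=xyz; Path=/; Secure; SameSite=None",
        "ads_id=xyz; Path=/; SameSite=None",
        "ads_id=xyz; Path=/; Secure; SameSite=None; Partitioned" };
    for (const char* h : samples)
        std::cout << static_cast<int>(classify(h)) << "  " << h << "\n";
}
```

A cookie that comes back as `ThirdPartyWarning` matches the wording of the Chrome message; if the application's own session cookie is `SameSiteRestricted`, the warning is being raised by a cookie set from another host.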