SameSite cookies explained

🕵️‍♂️Chrome 這波 cookie 安全策略的升級估計會影響很多第三方的 cookie！

https://web.dev/samesite-cookies-explained/?utm_source=xgqfrms.xyz

https://web.dev/samesite-cookie-recipes

cookies explained

Set-Cookie: promo_shown=1; Max-Age=2600000; Secure

Cookie: promo_shown=1

document.cookie;

document.cookie = "promo_shown=1; Max-Age=2600000; Secure";

chrome://flags/#cookies-without-same-site-must-be-secure

about:config

http://kb.mozillazine.org/About:config

MDN

https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookie#Browser_compatibility

Set-Cookie: <cookie-name>=<cookie-value> 
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly

Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax

// Multiple directives are also possible, for example:
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly

None, Lax, Strict

---

demo

A cookie associated with a cross-site resource at http://hm.baidu.com/ was set without the SameSite attribute.
A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.
You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Cookies default to SameSite=Lax

https://www.chromestatus.com/feature/5088147346030592

Reject insecure SameSite=None cookies

https://www.chromestatus.com/feature/5633521622188032

---

---

©xgqfrms 2012-2020

www.cnblogs.com 發布文章使用：只允許注冊用戶才可以訪問！

---