lightstep-tracer-javascript icon indicating copy to clipboard operation
lightstep-tracer-javascript copied to clipboard
verified publisher icon lightstep

SameSite Cookie attributes

Open tstein4 opened this issue 5 years ago • 0 comments

As you may be aware, in Chrome 80, they're changing the way that cookies are handled if the SameSite attribute isn't set for a cookie.

While looking into cookies that would be affected for our application, we noticed the cookies set by Lightstep, the lightstep_guid%F<cookiename> cookies didn't have SameSite or Secure set. I'm not terribly familiar with what these cookies are used for, but if they are potentially affected by this change in SameSite behavior, I figured it was worth filing an issue.

Another caveat on top of this change in default SameSite behavior, is that it isn't as simple as enabling for all browsers, as certain versions of Chrome will reject if this attribute is set. The list of incompatible clients is included here, which psuedocode as well.

Let me know if there's any additional information or clarification I can provide for this.

tstein4 avatar Feb 06 '20 22:02 tstein4