SameSite cookie changes February 2020

From February 2020, web browsers will start enforcing some stricter rules about cookies. Chrome will be the first with others following in time. They keyword you may have seen is SameSite and what it basically means is that the default settings are more secure, and it will be easier for browsers to let users manage different types of cookies differently.

Different types of cookies

First-party cookies (sometimes called domain cookies) are usually about making the site work at all or are for user convenience. They handle things such as keeping you logged in to a site, remembering preferences, offering you a quicker login.

Third-party cookies are those set by a different domain and are typically things like trackers. Some are relatively harmless, whilst others may raise privacy concerns..

The technical bits

The specific changes that browsers are making are to enforce a SameSite value of 'none' on first-party cookies, and 'Secure' on third party cookies.

The important bit:

OpenAthens has already checked the operational parts of the service and users will not be affected during authentication, or lose their OpenAthens session because of this change - there is nothing to worry about there.

If you want to check this out in OpenAthens or any other site before your users start upgrading their browsers, you can and here's how:

Chrome

If you have version 76 or later you can manually change the setting to enforce this before version it starts being enabled by default (expected in v80). To do so enter this in your address bar:

chrome://flags/#cookies-without-same-site-must-be-secure

... and change the setting to enabled

Firefox

If you have version 69 or later you can manually change the setting to enforce this by going to about:config in the address bar and searching for:

network.cookie.sameSite.noneRequiresSecure