Hi Rick,
Finally working on integrating user security into my main application and in testing I am seeing this message in Firefox's dev tools:
Cookie “_IES” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies
Is there something in the framework that deals with setting the attribute that Firefox is complaining about?
TIA
Yes recent cookie changes allow control over all aspects of how cookies are configured:
I've made some changes while here as well:
- Made the wwCookie default SameSite policy
Strict
- Changed
InitSession()
to use the Cookie Object with Strict policy
Strict
means cookies are only sent to same site requests and never sent on requests from an external page (for images, and other resources that are 'embedded').
This removes the cookie warning.
+++ Rick ---
Thanks!
I assume that's going to be in the next release?
Hi Rick,
Can you verify that this is in an update not yet released, or if I should be able to find it in 7.13?
Thanks.
It'll be in the next release.
Might be fixed in the latest download, but frankly I'm not sure if that made it...
+++ Rick ---
No worries. Just making sure I wasn't missing something obvious. It's obviously not urgent at the moment.
Well you're in luck - I've updated the 7.13 package again due to another small bug in the console and the cookie update is in there.
Re-download, with the same link and password from your reg email.
+++ Rick ---