Web Connection
Have you seen this Google gift - "Reject insecure SameSite=None cookies"
Gravatar is a globally recognized avatar based on your email address. Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Michael B
  All
  Oct 29, 2019 @ 05:11am

Rick,

I noticed a gift from google chrome today when looking in the dev console.

Thoughts?

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Michael B
  Oct 29, 2019 @ 12:25pm

Maybe you should be a little less cryptic with your oracle proclamations? 😉

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Michael B
  Michael B
  Oct 30, 2019 @ 03:36pm

Sorry Rick - was short on time. I had hoped you'd see the subject and be like 'oh that...'

I was doing some console debugging and noticed a reference to this error "Reject insecure SameSite=None cookies" with a link pointing to here for more info - - The poignant change in Chrome is this "Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected."

I believe we may need to add some attributes to the cookies that the WWWC platform writes, or if you already have a way to do this, let me know. I have basically hidden from cookies since day one, because WWWC deals with them for me.

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Michael B
  Oct 31, 2019 @ 01:30pm

I don't think this is a problem for WWWC because currently there's no support for same site cookies at all 😃

But you're right - I think we need a more flexible approach. The current Response.AddCookie() method is really a mess, so I think what's needed is a Cookie class that we can set all the different properties on and then let the class generate the cookie rather than passing 10 parameters...

Easier to test for end users as well as you could check this out from the command window.

Not going to happen right away though - that's going to take a bit more effort. +++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Michael B
  Oct 31, 2019 @ 02:01pm

Ok so maybe not that complicated 😃

Added the following via a new wwCookie class.

loCookie = CREATEOBJECT("wwCookie")

loCookie.CookieName = "testvalue"
loCookie.Value = "NewValue"
loCookie.Expires = DATE() + 10
loCookie.SameSite = "None"
loCookie.Secure = .T.
loCookie.HttpOnly = .T.

? loCookie.ToString()

Response.AddCookie(loCookie)

The cookie class from the above generates:

testvalue=NewValue; path=/; SameSite=None; HttpOnly; Secure; Expires=Sun, 10 Nov 2019 10:00:00 GMT

This should allow a lot more control over the cookie.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Stein Goering
  Rick Strahl
  Nov 11, 2019 @ 01:58pm

Is the wwCookies code included in the current 7.09 download?

--stein

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Stein Goering
  Nov 11, 2019 @ 03:17pm

No it'll be in the next update.

+++ Rick --

© 1996-2019