New Message Search Latest Redo
Web Connection
Have you seen this Google gift - "Reject insecure SameSite=None cookies"
Gravatar is a globally recognized avatar based on your email address. Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Michael B
  All
5M30B4821
  Oct 29, 2019 @ 05:11am
Reply

Rick,

I noticed a gift from google chrome today when looking in the dev console.

Thoughts?

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Michael B
5M30QN6J8
  Oct 29, 2019 @ 12:25pm
Reply

Maybe you should be a little less cryptic with your oracle proclamations? 😉

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Michael B
  Michael B
5M40XG0O2
  Oct 30, 2019 @ 03:36pm
Reply

Sorry Rick - was short on time. I had hoped you'd see the subject and be like 'oh that...'

I was doing some console debugging and noticed a reference to this error "Reject insecure SameSite=None cookies" with a link pointing to here for more info - - The poignant change in Chrome is this "Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected."

I believe we may need to add some attributes to the cookies that the WWWC platform writes, or if you already have a way to do this, let me know. I have basically hidden from cookies since day one, because WWWC deals with them for me.

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Michael B
5M50SXSRO
  Oct 31, 2019 @ 01:30pm
Reply

I don't think this is a problem for WWWC because currently there's no support for same site cookies at all 😃

But you're right - I think we need a more flexible approach. The current Response.AddCookie() method is really a mess, so I think what's needed is a Cookie class that we can set all the different properties on and then let the class generate the cookie rather than passing 10 parameters...

Easier to test for end users as well as you could check this out from the command window.

Not going to happen right away though - that's going to take a bit more effort. +++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Michael B
5M50U2AR8
  Oct 31, 2019 @ 02:01pm
Reply

Ok so maybe not that complicated 😃

Added the following via a new wwCookie class.

loCookie = CREATEOBJECT("wwCookie")

loCookie.CookieName = "testvalue"
loCookie.Value = "NewValue"
loCookie.Expires = DATE() + 10
loCookie.SameSite = "None"
loCookie.Secure = .T.
loCookie.HttpOnly = .T.

? loCookie.ToString()

Response.AddCookie(loCookie)

The cookie class from the above generates:

testvalue=NewValue; path=/; SameSite=None; HttpOnly; Secure; Expires=Sun, 10 Nov 2019 10:00:00 GMT

This should allow a lot more control over the cookie.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Stein Goering
  Rick Strahl
5MG0TY2X4
  Nov 11, 2019 @ 01:58pm
Reply

Is the wwCookies code included in the current 7.09 download?

--stein

Gravatar is a globally recognized avatar based on your email address. re: Have you seen this Google gift - "Reject insecure SameSite=None cookies"
  Rick Strahl
  Stein Goering
5MG0WRWH8
  Nov 11, 2019 @ 03:17pm
Reply

No it'll be in the next update.

+++ Rick --

© 1996-2024