Web Connection
Cookie warning
Gravatar is a globally recognized avatar based on your email address. Cookie warning
  Richard Kaye
  All
  Jun 2, 2020 @ 09:03am

Hi Rick,

Finally working on integrating user security into my main application and in testing I am seeing this message in Firefox's dev tools:

Cookie “_IES” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies

Is there something in the framework that deals with setting the attribute that Firefox is complaining about?

TIA

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Rick Strahl
  Richard Kaye
  Jun 4, 2020 @ 12:29am

Yes recent cookie changes allow control over all aspects of how cookies are configured:

I've made some changes while here as well:

  • Made the wwCookie default SameSite policy Strict
  • Changed InitSession() to use the Cookie Object with Strict policy

Strict means cookies are only sent to same site requests and never sent on requests from an external page (for images, and other resources that are 'embedded').

This removes the cookie warning.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Richard Kaye
  Rick Strahl
  Jun 4, 2020 @ 07:29am

Thanks!

I assume that's going to be in the next release?

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Richard Kaye
  Rick Strahl
  Jun 8, 2020 @ 05:56am

Hi Rick,

Can you verify that this is in an update not yet released, or if I should be able to find it in 7.13?

Thanks.

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Rick Strahl
  Richard Kaye
  Jun 8, 2020 @ 12:16pm

It'll be in the next release.

Might be fixed in the latest download, but frankly I'm not sure if that made it...

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Richard Kaye
  Rick Strahl
  Jun 8, 2020 @ 01:10pm

No worries. Just making sure I wasn't missing something obvious. It's obviously not urgent at the moment.

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Rick Strahl
  Richard Kaye
  Jun 8, 2020 @ 02:23pm

Well you're in luck - I've updated the 7.13 package again due to another small bug in the console and the cookie update is in there.

Re-download, with the same link and password from your reg email.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Cookie warning
  Richard Kaye
  Rick Strahl
  Jun 8, 2020 @ 02:46pm

Luck. That's my middle name... 😉

Thanks, RIck.

© 1996-2020