SameSite Cookies: What You Need to Know
Browsers implement a new cookie attribute to preserve user privacy
In 2020, consumer privacy is a top priority for every publisher, and that includes many changes to how cookies are used all over the web. Among these new standards is the release of a new attribute called SameSite cookies, which will be implemented across most browsers, including Google Chrome, Firefox, and Microsoft Edge.
Released by Google, SameSite cookies will control whether or not a cookie is sent with requests. Here's a good explanation of what this means from web.dev:
Each cookie is a key=value pair along with a number of attributes that control when and where that cookie is used. You've probably already used these attributes to set things like expiration dates or indicating the cookie should only be sent over HTTPS. Servers set cookies by sending the aptly named Set-Cookie header in their response.
The cadence for the cookie looks like this:
Here's an example of how SameSite cookies are used, also from web.dev:
Say you have a blog where you want to display a "What's new" promo to your users. Users can dismiss the promo and then they won't see it again for a while. You can store that preference in a cookie, set it to expire in a month (2,600,000 seconds), and only send it over HTTPS. That header would look like this:
Set-Cookie: promo_shown=1; Max-Age=2600000; Secure
The new attribute will impact ad providers, tracking systems, and anybody who uses third- party cookies. There are three instances where the use of SameSite cookies is particularly important:
Ad Providers and Tracking Systems: If you're running ads on your site, you will need to confirm with your ad providers that they're ready for the SameSite cookie update. Most large ad networks will likely already have it implemented.
If you have any questions about the SameSite cookie update, email firstname.lastname@example.org or talk to your account manager today.