I have set a cookie from an api and returned it as a response. But the latest version of chrome beta is not letting me to store the cookie. I have also set the SameSite="None" and Secure for considering third party cookies. But this is not getting stored.
Check chrome://settings/content/cookies. You want to ensure that:
"Allow sites to save and read cookie data (recommended)" is enabled
"Block third-party cookies" is disabled
Check the other settings there to ensure that the site is not on the "Block" list.
You should also check that you don't have any extensions that are affecting cookie behaviour. A quick way of generally testing this is to try in Incognito Mode or by creating a new Chrome profile.
Related
Since with Chrome 80(upcoming change in Feb2020), they are enforcing SameSite and Secure attributes to be set in a cookie to access that on a third party context. What happens to the existing cookies that are already in the browser which does not have SameSite and Secure attribute. Once Chrome rolls out its changes, will those legacy cookies sent on third party context?
Existing cookies without a SameSite attribute will be treated as if they are SameSite=Laxand restricted to a first party context. If you have existing cookies that need do not currently have the attribute and will need to be sent in a third-party context you should be actively refreshing them now.
I ran into such a problem.
When I run the application on my laptop (Linux/Ubuntu 18) in the developer console in the Chrome browser, I have this message
A cookie associated with a cross-site resource at
http://pubsub.rtschannel.com/ was set without the SameSite
attribute. A future release of Chrome will only deliver cookies with
cross-site requests if they are set with SameSite=None and Secure.
You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.
On another laptop (Linux/Ubuntu 16) in the Chrome browser, when the application is launched locally, there is no such message.
I tried to find at least some information on this subject, but alas I couldn’t. The only thing I could find was the link inside the message that it was a browser bug and in Chrome version number 80 it should be fixed and this setting would be added by default.
Please tell me, does it depend on the browser settings, or can I somehow influence this message programmatically? Can I clean it somehow?
On the project, I use angularjs if this can help.
Thanks.
These warnings are purely informational at the moment and do not affect site functionality. This behaviour will not be enforced until Chrome 80 which is due to hit stable in Feb 2020.
You can simply turn off the messages by setting chrome://flags/#cookie-deprecation-messages to Disabled. However, that is purely affecting the display of the messages.
If the pubsub.rtschannel.com is not your domain, e.g. it's a third-party service you use, then it's that domain that will be responsible for updating the cookies.
If it is your domain, then you need to review the cookie usage and set an appropriate value for the SameSite attribute on the cookie. You can find more context and guidance on https://web.dev/samesite-cookies-explained.
I am working on "Keep Me Log in" part of a site.However, when I close the chrome, only local cookies that I am working on are deleted. Other cookies from other sites remains. Does it have to be like that or is there any option for not-deleting the local cookies?. Thanks.
You need to be more specific.
There's cookies and localStorage, it's 2 different client persistance option. Neither get delete by navigator (Unless you're in private browse).
Cookies have a lifetime, maybe you don't set it right. Are you using a framework that can interferr here ?
Moreover, Chrome doesn't support cookies on localhost.
I just want to know how does Multi Login Extension works. I already read all the documentation in chrome but I didn't see any Session duplication like multilogin does.
This is the link of this extension.
https://chrome.google.com/webstore/detail/multilogin/nccllfnllopfpcbjdgjdlfmomnfgnnbk?hl=en
Thanks.
With MultiLogin installed, there is still a single CookieStore like before. But MultiLogin has its own persistent storage for the cookies that belong to each profile. When a cookie is set, MultiLogin records it and remembers the associated profile. When a link is clicked, MultiLogin intercepts the request and creates an HTTP header for only the cookies in that profile. And when some JavaScript evaluates document.cookie, MultiLogin provides a getter that knows the cookies for that profile.
Is there a way in the Chrome Extension API to add an exception URL for 3rd party cookies?
I have looked at content settings and privacy and found nothing. I know I can force allow 3rd party cookies altogether, but that seems invasive to the user.
It's not even possible to do it manually by going to chrome://settings/contentExceptions#cookies
If the "Block third-party cookies" setting is enabled, you cannot add any exception! You can only disable this option and allow all third-party cookies at the same time.
Pretty stupid from Google, I guess they're trying to force users to not block third-party cookies.
I'm always blocking third-party cookies, but because it wasn't working for attachments in gmail (emails are served from mail.google.com and attachements from mail-attachment.googleusercontent.com) I wanted to add those two domains to the exception list but cookies would still remain blocked. Only disabling the "Block third-party cookies" option would allow cookies to be set from third-party domains.
Hope that clears things up. Cheers!