How To Get Magento 2 Store Ready For SameSite Cookie Update

Note: In the wake of COVID-19 pandemic, Google is temporarily rolling back the enforcement of SameSite cookie labelling, starting from April 03, ’20.

Google chrome is scheduled to update to version 80 on February 04, 2020. This update brings changes in how Chrome treats cookies. The update will ensure more security and improved user experience, however, for websites, it may affect adversely.

As a part of improving privacy and security across the web, Google has been implementing secure-by-default handling of third-party cookies.

What does that mean for Magento 2 stores?

  • After this update, Chrome 80 treats cookies with no Samesite value as SameSite = Lax. It disables 3rd party using the cookies. You need to set any cross-site cookies to SameSite=None and label them as secure.
  • Any cross-site cookies with improper labels and the secure attribute for cross-site cookies are useless on Chrome 80 and the above versions.

If you are a Magento 2 store owner and use any third-party integrations that are cookie-dependent, the SameSite cookie update may negatively affect the functionalities. For example, if you are using PayPal for secure payments, the iframe implemented will be affected as it is cookie dependent.

The chrome update affects the website visitors as well as the Magento 2 store admin. Even if your potential customers are preferring Mozilla Firefox, Safari, or other browsers apart from Chrome, this is the warning! Because similar updates are promised from these companies too!

So it is inevitable to get Magento 2 store ready for SameSite cookie update because you may not imagine how indirectly cookies affect the site functionality.

Methods To Get Magento 2 Store Ready For SameSite Cookie Update:

  • Navigate to Chrome
  • Go to chrome://flags/
  • Enable SameSite by default cookies
  • Enable Cookies without SameSite must be secure
  • Open Chrome inspector
  • Migrate to HTTPS secure pages

If after implementing these steps, there’s no error, your Magento 2 store is ready for the SameSite cookie update.

However, if you are seeing an error, you’ll need your developers to fix it.

Gist:

  • Chrome 80 treats all cookies with no declared SameSite value in the same way: they are considered SameSite=Lax cookies.
  • You have to use SameSite=None; Secure parameters to make cookies available for external access.
  • They should be accessed from secure connections.

You can check the Github open issue that may be addressed in the future Magento 2 releases.

This update is not only a challenge for Magento 2 stores or any E-commerce stores but the entire web and it changes the digital advertising scenario forever!

5
(based on 19 Reviews)
How To Get Magento 2 Store Ready For SameSite Cookie UpdateAuthor Magento Badge

Sanjay Jethva

Sanjay is a co-founder at Meetanshi. He is a Certified Magento Developer who loves creating Magento E-commerce solutions. Owing to his contributions in Magento Forums and posting solutions, he is among the top 50 contributors of the Magento community in 2019. When he is not engrossed with anything related to Magento, he loves to play cricket.

Leave a Reply

Your email address will not be published.