RiTribes is home to a variety of people, perspectives, ideas, and information.

Email: support@ritribes.com

Upcoming SameSite Cookie Changes

  • By rian twizer
  • October 31, 2019
  • Comment
Changes to Improve Security Are Supported by RiTribes.

Ritribes has updated its security to match Google plans to add support for new privacy and security features in Chrome, same-site cookies. The feature announced at the company’s I/O 2019 developer conference is now available with the recent release of Chrome 76 we can test these features today before they become the “default” behavior in the Chrome browser. RiTribes joins Google and website owners to update their sites and convert old cookies that were used for sensitive operations, such as login operations and managing per-site settings, to Same-Site cookies. SameSite is a 2016 extension to HTTP cookies intended to mitigate cross-site request forgery (CSRF).

The biggest change that Google roll out is in regards to how it treats cookie files. These new controls are be based on a new IETF standard that Chrome and Mozilla developers have been working on for more than three years. This new IETF specification describes a new attribute that can be set inside HTTP headers. Called “SameSite,” the attribute must be set by the website owner and should describe the situations in which a site’s cookies can be loaded.


Context of a cookie as None, Lax, or Strict

A SameSite attribute of “strict” will mean the cookie can only be loaded on the “same site.” Setting attributes such as “lax” or “none” will allow the cookies to be loaded on other sites as well. More details about the SameSite IETF specification –currently a draft– are available in RFC 6265, on the MDN portal, and in this introductory blog post on Google’s web.dev tutorial site.

 Simply put, this creates a dividing line between cookies, which will become either same-site or cross-site cookies.


RiTribes Analytics- Browser Distribution

Note that Chrome is currently targeting ~M80 (February 2020) to push the `SameSite=None` requirement on third-party cookies https://www.chromestatus.com/feature/5088147346030592 Maybe like other software development delays this will be delayed by a month into March or April 2020. Whenever it arrives, it could be a more significant browser update than Apple’s ITP because Chrome is a much more popular web browser on the web.

What does it mean?

The end of digital advertising ecosystem’s reliance on cookies for tracking and attribution has been a long time coming.
Cookies aren’t supported on mobile apps, and the mobile web and apps now account for the majority of ad spend. Google and Facebook have led a shift away from cookies to relying on deterministic IDs of signed-in users. Chrome is not a first one to act, either. It’s following in Apple’s Intelligent Tracking Prevention (ITP) footsteps. The latest version, ITP 2.2, will limit cross-site cookie tracking of users in Safari to one day. Microsoft as well announced its Chromium based Edge browser will also have new tracking controls for third-party cookies. For marketers, the full impact of these changes and how users respond to the tools likely won’t be seen for months, but stand to have a significant impact on remarketing, analytics and attribution efforts. It’s also unclear if (or how much) Chrome’s new requirements will benefit Google with its first-party relationships with billions of users over other ad tech firms.

And for those who are asking what are cookies?

A cookie is a small text file that a website or app sends to a user’s device. This text file collects information about user actions on websites. Cookies store helpful information to enhance users’ experiences with websites, and possibly to improve the ability to reconnect with them later. Information collected by cookies can include the user’s preferred language, device settings, browsing activities, and other useful information. Companies like Google use cookies to make ads more relevant to their users. They also track analytics such as counting the number of visitors to a page, locations of visitors, search preferences and so on.


Use of Cookies

Cookies generally are used to perform one or all of the following:

  • Authentication: Cookies help websites determine if a user is logged in, and then deliver the right experience and features to that unique user.
  • Security: Cookies help impose security measures on a website. They also help detect unusual and suspicious activities.
  • Advertising: Cookies deliver a better advertising experience for both users and advertisers. Cookies help connect advertisers to users who are most interested in their products based on the user’s browsing history. I hope this helped to better understand cookies and Google new SameSite release.