https://bz.apache.org/bugzilla/show_bug.cgi?id=64077
Bug ID: 64077
Summary: Support SameSite, Secure and httpOnly parameter
Product: Apache httpd-2
Version: 2.4.41
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_usertrack
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hello there, because Chrome 80 would treat all cookie which does not mention
SameSite=None as Lax Cookie, I am afraid mod_usertrack cookie cannot be used as
a third party cookie.
1) Configure a httpd virtualhost/server which has mod_usertrack available. lets
call it foobar.com . put a small image, let's say img1.png so that it could be
accessible like foobar.com/img1.png
2) access foobar.com/img1.png. Make sure in browser that appropriate tracking
cookie has been set.
3) Configure another httpd virtualhost/server, say bazbar.com, which has a page
called test.html, containing reference to foobar.com/img1.png
4) While accessing bazbar.com/test.html, Chrome would put warning saying
mod_usertrack cookie is set without SameSite attribute, and From Chrome 80, it
will be treated as Lax cookie, unless explicitly marked as SameSite=None
More info
https://www.chromestatus.com/feature/5088147346030592
https://www.chromestatus.com/feature/5633521622188032
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
