SameSite as a whole is still experimental. To date there is no accepted RFC 
that updates the cookie RFC. All we have are RFC drafts filed by Google, that 
are all expired.

The only real "standard" is what the majority of browsers implement, and even 
that is not something I can point to because each of the browsers may treat 
cookies differently as there is no standard.

> On Jan 22, 2020, at 14:11, Jonathan Vanasco <[email protected]> wrote:
> 
> 1. Bert, thank you!
> 
> 2. Mike, this stuff is generally a mess:
> 
> There are now 4 valid options for a cookie:
> 
> Python Value | Cookie Value (all strings)
> None         | 
> "None"       | None    < this is the new "experimental" one that Google has forced
> "Strict"     | Strict
> "Lax"        | Lax
> 
> 
> 
> 
> You are supposed to still have the behavior you desire as long as the 
> samesite is "lax" and the cookie has a "domain" attribute.  That's the public 
> hope, at least.  There are some releases of specific browsers that are 
> broken.  It is a mess.
> 
> However, you need to understand these changes mean that the experience is 
> definitely going to break for some amount of users, as some browsers can't 
> handle the samesite values.  Browser sniffing can help get around that.
> 
> My approach would be deciding which users to prioritize and if you need to 
> work on browser sniffing.  I would look at your traffic logs to decide that.  
> 
> If you have a lot of chrome traffic, you need to do browser testing WITH 
> SPECIFIC CHROME FLAGS SET.  Not all installations of chrome have these set.
> 
> IIRC the flags you want to enable are:
> 
> chrome://flags/#same-site-by-default-cookies
> chrome://flags/#cookies-without-same-site-must-be-secure
> 
> 
> 

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/A2CF8D59-48D2-4782-83CD-7E6A9A301228%400x58.com.
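
An added example, not code from this thread or from Pyramid/WebOb: the four-value table quoted above turned into a `Set-Cookie` builder that enforces `Secure` for `SameSite=None` and applies the browser sniffing the quoted message mentions. The function names are hypothetical, and the user-agent rules are an assumption taken from Chromium's published list of clients that mishandle `SameSite=None` (only Chrome 51-66 and iOS 12 are modelled).

```python
import re

# Python value -> SameSite attribute text, as in the table quoted above.
# The Python value None means "emit no SameSite attribute at all".
SAMESITE_VALUES = {None: None, "None": "None", "Strict": "Strict", "Lax": "Lax"}

# Assumption (not from the thread): two entries from Chromium's list of
# clients that mishandle SameSite=None.
_CHROME = re.compile(r"Chrom(?:e|ium)/(\d+)")
_IOS = re.compile(r"\(iP(?:hone|ad|od)[^)]*OS (\d+)[_\d]*[^)]*\) AppleWebKit/")


def mishandles_samesite_none(user_agent):
    """True for Chrome 51-66 (rejects the cookie) and iOS 12 (treats it as Strict)."""
    ios = _IOS.search(user_agent)
    if ios and ios.group(1) == "12":
        return True
    chrome = _CHROME.search(user_agent)
    return bool(chrome) and 51 <= int(chrome.group(1)) <= 66


def set_cookie_header(name, value, samesite=None, secure=False, domain=None,
                      user_agent=""):
    """Build a Set-Cookie value (hypothetical helper; name/value are not escaped)."""
    if samesite not in SAMESITE_VALUES:
        raise ValueError("samesite must be None, 'None', 'Strict' or 'Lax'")
    attr = SAMESITE_VALUES[samesite]
    if attr == "None":
        if not secure:
            # Behaviour behind chrome://flags/#cookies-without-same-site-must-be-secure
            raise ValueError("SameSite=None requires the Secure attribute")
        if mishandles_samesite_none(user_agent):
            attr = None  # fall back to the legacy form: no SameSite attribute
    parts = ["%s=%s" % (name, value)]
    if domain:
        parts.append("Domain=" + domain)
    if secure:
        parts.append("Secure")
    if attr:
        parts.append("SameSite=" + attr)
    return "; ".join(parts)
```
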
