Google in its recent update on 28 May 2020, announced to resume its SameSite cookie enforcements. To explain in simpler terms, browsers earlier used to allow the third party websites to inject cookies into user’s computer. It was with the intention to store information such as user’s browsing activities. SameSite cookie enforcements was rolled out to avoids such situation and allow users have a more secured and safe web experience. It’s prime objective is to handle the third party cookies with security by default and provide cookie controls at user’s end.
Google had initiated it’s experiments on SameSite cookie enforcement in early October of 2019. Since then it has launched it to various versions of Chrome starting from 78+. In February 2020, it rolled out it’s initial enforcement for Chrome 80 and since then had planned to gradually increase the rollouts and execute it in a phased manner.
While they had increased their population in March 2020 twice, the same needed to be rolled back temporarily in April due to the novel coronavirus pandemic situation. In their update in April, Google explained that they did not want to disrupt operations of crucial services during such times such as health care, financial services, supply of essentials, etc. Thus they decided to roll back such enforcements. Google gave this update on their blog on 03 April 2020,” ..in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today. While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time. As we roll back enforcement, organizations, users and sites should see no disruption”
In their recent update, Google stated that not only will they resume the SameSite cookie enforcements for Chrome 80+ but also plan to rollout stable release of Chrome 84 on July 14. Justin Schuh – Director, Chrome Engineering said in it’s post “Since April we have continued to monitor overall ecosystem readiness, and engage with websites and services to ensure they are prepared for the SameSite labeling policy. We are planning to resume our SameSite cookie enforcement coinciding with the stable release of Chrome 84 on July 14, with enforcement enabled for Chrome 80+”. If you are keen in setting the SameSite cookie in Chrome or test your site against the Chrome’s new SameSite-by-default cookie behaviour, do refer the following link: https://www.chromium.org/updates/same-site/test-debug.