On February 4th, 2020, Google is scheduled to provide an update to the Chrome browser that will change how Chrome handles SameSite Cookies. That is to say, the most popular web browser on the planet will, for security reasons, not treat cookies that track information for other domains in quite the way that it has historically.
For Magento website owners, this may have some wide-reaching implications. Whether you realize it or not, your site may be reliant on cookies that fall into this category. For instance, you may have software like New Relic running on your server, or you may be using an iframe for a secure payment gateway, like PayPal, both of which are known to use such cookies. Additionally, if you have multiple domains and share cookies between your different sites, you may be impacted.
This change can negatively impact your site functionality when Google Chrome moves to version 80. The change impacts both shoppers and administrators.
There is currently an open issue on GitHub to potentially address this in a future Magento release.
Even if you’re in the minority, and most of your shoppers don’t use Chrome as their web browser, keep in mind that other browsers like Mozilla Firefox have committed to making similar updates in the future.
What should you do?
While it is up to you, it would be prudent to have a conversation with your web developers and test a development copy of your website with the SameSite flag set to Lax or Strict to restrict third-party access to cookies. This will allow your developers to check for cookie loading errors, and will also allow you to conduct User Acceptance Testing (UAT) to confirm that you’re not experiencing any issues directly.
You should also be on the lookout for notifications from vendors, like New Relic and PayPal, should they send you any warnings directly.
It’s altogether possible that your site will not be seriously impacted by this update, but better safe than sorry.
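As an added example (not part of the original article), here is a small Python audit that classifies a site's Set-Cookie headers under the Chrome 80 defaults, so developers have a concrete starting point for the testing described above. The two rules it encodes (a cookie with no SameSite attribute is treated as Lax, and SameSite=None is only honoured together with Secure) come from the Chromium announcement linked below rather than from this article, and the sample headers are constructed, not real vendor values.

```python
"""Audit Set-Cookie headers against the Chrome 80 SameSite defaults.

Added example, not from the original article. Assumed Chrome 80 rules:
  * a cookie with no SameSite attribute is treated as SameSite=Lax, so it
    is no longer sent in cross-site contexts such as third-party iframes;
  * SameSite=None is honoured only together with Secure; without Secure
    the cookie is rejected outright.
"""
from dataclasses import dataclass


@dataclass
class CookieAudit:
    name: str
    samesite: str        # "none", "lax", "strict" or "" when absent
    secure: bool
    cross_site_ok: bool  # still usable from a third-party (iframe) context?
    verdict: str


def parse_set_cookie(header):
    """Return (name, samesite, secure) from a raw Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    samesite, secure = "", False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "samesite":
            samesite = val.strip().lower()
    return name, samesite, secure


def audit_cookie(header):
    name, samesite, secure = parse_set_cookie(header)
    if samesite == "none" and secure:
        verdict, ok = "OK: SameSite=None; Secure keeps cross-site use", True
    elif samesite == "none":
        verdict, ok = "BROKEN: SameSite=None without Secure is rejected", False
    elif samesite in ("lax", "strict"):
        verdict, ok = f"OK: explicit SameSite={samesite}, not cross-site", False
    else:  # absent or unrecognised value: Chrome 80 falls back to Lax
        verdict, ok = "CHANGED: no SameSite attribute, now treated as Lax", False
    return CookieAudit(name, samesite, secure, ok, verdict)


def audit_headers(headers):
    return [audit_cookie(h) for h in headers]


# Constructed sample headers standing in for a store session cookie, a payment
# gateway iframe cookie and a monitoring agent cookie (not real vendor values).
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Path=/; HttpOnly",
    "gateway_session=xyz; Path=/; Secure; SameSite=None",
    "monitor_id=42; Path=/; SameSite=None",
    "admin=1; Path=/admin; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for result in audit_headers(SAMPLE_HEADERS):
        print(f"{result.name:16} {result.verdict}")
```

Run it against the Set-Cookie headers captured from a development copy of the store (browser developer tools or a proxy) to see which cookies change behaviour before Chrome 80 reaches your shoppers.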
Additional Resources
As this change will impact users of other platforms and not only Magento, there are more general articles on this topic and resources that you may find helpful, such as:
MILK Cookie Manager for Chrome
Promiscuous Cookies and Their Impending Death via the SameSite Policy
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
Updates
As this is a developing issue, we’ll be adding thoughts to this article as more information becomes available. Have any recommended updates for this article that you’d like to share with the community? Please let us know!