Magento Hosting Emergency? Learn About Our Magento Hosting Rescue Service! ❯

    We can help you. Right now.
    Fast growing merchants depend on JetRails for high-stakes hosting. Experience counts. Let's get started.
    Your message has been received, a representative will be contacting you shortly. if you have an emergency, please call us at 1 (888) 997-2457 or email us at [email protected]
    Call us at:1 (888) 997-2457

    How Magento Sites May Be Impacted By New SameSite Cookie Rules

    Magento SameSite Cookies Feb 2020


    On February 4th, 2020, Google is scheduled to provide an update to the Chrome browser that will change how Chrome handles SameSite Cookies. That is to say, the most popular web browser on the planet will, for security reasons, not treat cookies that track information for other domains in quite the way that it has historically. 

    For Magento website owners, this may have some wide-reaching implications. Whether you realize it or not, your site may be reliant on cookies that fall into this category. For instance, you may have software like NewRelic running on your server, or you may be using an iFrame for a secure payment gateway, like PayPal, both of which are known to use such cookies. Additionally, if you have multiple domains and share cookies for your different sites, you may be impacted.

    This change can negatively impact your site functionality when Google Chrome moves to version 80. The change impacts both shoppers and administrators.  

    There is currently an open issue on GitHub to potentially address this in a future Magento release.

    Even if you’re in the minority, and most of your shoppers don’t use Chrome as their web browser, keep in mind that other browsers like Mozilla Firefox have committed to making similar updates in the future.

    What should you do?

    While it is up to you, it would be prudent to have a conversation with your web developers and test a development copy of your website with the SameSite flag set to Lax or Strict to restrict third-party access to cookies. This will allow your developers to check for cookie loading errors, and will also allow you to conduct User Acceptance Testing (UAT) to confirm that you’re not experiencing any issues directly.

    You should also be on the lookout for notifications from vendors, like New Relic and PayPal, should they send you any warnings directly.

    It’s altogether possible that your site will not be seriously impacted by this update, but better safe than sorry.

    Additional Resources

    As this change will impact users of other platforms and not only Magento, there are more general articles on this topicand resources that you may find helpful, such as:

    MILK Cookie Manager for Chrome

    SameSite Cookies in Practice

    Promiscuous Cookies and Their Impending Death via the SameSite Policy


    As this is a developing issue, we’ll be adding thoughts to this article as more information becomes available. Have any recommended updates for this article that you’d like to share with the community? Please let us know!

    About The Author
    Robert Rand
    Director of Partnerships & Alliances

    Robert is a Magento 1 and 2 Solution Specialist with over a decade of experience in helping merchants benefit from sound ecommerce and digital marketing strategies. He’s highly experienced at harnessing the power of ecommerce technologies and solutions to help businesses of all types and sizes grow and succeed.

    Get A Free Consultation From The JetRails Team

    Need Help With Hosting Support, Security, Scalability, Speed, or Stability?

      More Articles
      Why Improved Import & Export Is Such A Popular Magento 2 Extension
      View Article
      Magento Critical Security Patches 2.4.5-p1 and 2.4.4-p2
      View Article
      Magento 2.4.5 and August 2022 Magento Ecosystem News
      View Article