Version 80 of Chrome has come to the stable channel of the browser, and with it, a change in the way cookies are handled. As the cookies crumble, it turns out, so does the Internet, with Google saying it hopes that it will cause only “a modest amount of breakage” to websites.
This post was originally published on January 31.
Google constantly iterates the code for its popular Chrome browser, but it extensively tests it before sending code live to the primary stable channel for Google Chrome builds.
Chrome 80 will appear on the stable channel for Google Chrome from February 5, and, as The Register reports, Google’s already aware of at least one change that could affect the websites that you visit on a regular basis if they’re not already prepared.
Specifically, there’s a substantial change in the way that Chrome handles Cookies. As you’re probably aware, these are the snippets of code used to manage user sessions and often also to provide tracking facilities as users jump from site to site. Cookies can be downright abused for matters like fraudulent site identification and the leaking of private information – which means that they’re bad news in the online world of 2020 if left alone.
That’s where Chrome 80 makes a substantial change. As The Register notes:
“Chrome 80’s cookie code will look for the SameSite attribute in webpage HTML and will handle cookies according to the value assigned or by assuming a default value if none has been provided by a site developer. The SameSite attribute supports three primary values: SameSite=None; SameSite=Strict; and SameSite=Lax. SameSite=None is what a web developer would set to allow cookies in a third-party context, but in Chrome 80 an additional flag, Secure, will need to be set because SameSite=None cookies without it will reject them.”
What that boils down to in layman’s terms is that any site currently utilising cookies will need to ensure that they’re setting proper SameSite variables, lest the cookie requests drag the entire structure down to the virtual ground.
SameSite=Lax is the default if tags aren’t set, and Google Engineer Lily Chen noted that “Some sites relying on third-party cookies may break temporarily until developers add “SameSite=None” .
So if the web goes all wobbly for you next week, it could well be the fault of those pesky cookies.
Or a dodgy NBN connection.
Or “those” sites you keep visiting, not that I’m judging.
In the meantime, alternative browsers that already treat cookies with a lot of suspicion, such as Brave and Firefox are readily available. Although if Chrome won’t download them for you because of a cookie error, you may be in a bit of a bind.