Cookie recipes - SameSite and beyond

Рет қаралды 12,663

4 жыл бұрын

Cookies really can make everything better! However, you need the right recipes and you shouldn't take too many. Hopefully you've already updated your cookies for the new SameSite changes, but that one change is just a taste of what's possible. Learn about the different cookie attributes and naming conventions that will help you tailor your cookies for the right situation.
Resources:
SameSite cookies explained → goo.gle/2VoXdUz
Debugging guide → goo.gle/3dJRPC1
Demo site → goo.gle/2A6CJZi
Related Playlist:
Day 3 → goo.gle/WDL20Day3
Subscribe to the Chrome Developers → goo.gle/ChromeDevs
Speaker:
Rowan Merewood
#webdevLIVE #SameSite #webcookies event: web.dev LIVE 2020; re_ty: Publish; fullname: Rowan Merewood; product: Chrome - General;

Пікірлер: 16

@LukePuplett 4 жыл бұрын

Rowan is extremely clear and well-paced. Well done.

@dominiquebello3212 3 жыл бұрын

Awesome! Just what I was looking for. So well explained, clear and strict to the point! Thank you!

@tim.e.l 4 жыл бұрын

Mmmm cookies. Thanks for all the Devtools info it is always helpful to learn more about debugging issues like this. I have never dealt with giant websites so it has always been fairly easy, but this is great to know. I didn't think I would learn much, but I have to say I definitely learned a few things so thank you.

@abrarcalculas 3 жыл бұрын

The dev tools troubleshooting and the netlog_analyzer was super helpful. Now I can debug my cookie related nightmares without tearing the remainder of my hair. Thanks Rowan for this insightful lesson.

@cocklegrande1 4 жыл бұрын

What a nice explanation of SameSite 'Lax' vs 'Strict'! Awesome video, thank's a thousand times!!!

@RajKumar04041992 4 жыл бұрын

At 6:47 "So that blog hosting example, if you set up a SameSite equals Strict cookie, pretty much the same as your session, but you treat it like a token for write permission and validate that it's included on that form submission, then you can be pretty sure it came from the user submitting the form actually on your site." Can someone please help me understand the " but you treat it like a token for write permission and validate that it's included on that form submission" part.

@RoterFruchtZwerg 4 жыл бұрын

Thx for this in depth look on the changes and debugging. However, whenever I see videos/tutorials on SameSite I miss information about all the edge cases that are not really irrelevant. Like how does samesite=strict affect top level navigations caused by opening a new tab, manually typing a URL, clicking a bookmark, a shortcut on the homescreen, a link inside a native app, a link inside an apps webview, a custom chrome tab, a chrome extension, etc... What about cascading redirects away and back to the site? That's important when dealing with federated logins (SAML, OAuth, ...). So many questions 🙈

@RowanMerewood 4 жыл бұрын

I appreciate there's a lot of scope and nuance out there. I've gone into some detail on the POST callback pattern here: goo.gle/samesite-3d-secure

@rhncnd 4 жыл бұрын

I'll sticky note this cookie recipe on my fridge.

@demven04 3 жыл бұрын

Very interesting, thanks

@EddyVinck 4 жыл бұрын

At some point someone will search for "cookie recipes" and stumble upon this video.

@minumakes4961 4 жыл бұрын

🌈 loved it, nicee recipe 💛💛💛

@PaulKinlan 3 жыл бұрын

Two bits.

@tylerchilton637 3 жыл бұрын

Chrome sucks. I just got bit by the same-site= lax "fix". This was a horrible move. You have no idea the amount of work this has caused and at the worst possible time...FML

@robertlinder8464 3 жыл бұрын

This is an effort by all major browsers to move to a more secure default for users. Deal with it.

@MaxCoplan 3 жыл бұрын

Also you had like 6 months to fix it