Google's SameSite Cookie Update May Disrupt Functionality

What To Do

Most technology providers, including Essent, have already made the required updates for their users to avoid disruption from Google Chrome version 80.

Essent customers who have ecommerce sites that are not running on Essent SiteBuilder need to check to make sure that their vendors have made the same updates.

The Google Chrome version 80 update, released February 4, 2020, changes the way cookies are handled, causing breaking changes for many websites.

All Essent cloud offerings — including EssentOne, Compass, SiteBuilder, and OrderTrax — handle the Chrome 80 changes and are expected to continue to function as intended.

Essent customers who have ecommerce sites that are not running on SiteBuilder need to check to make sure that their vendors have made updates to be compatible with Chrome 80.

Essent customers with custom ecommerce integrations are urged to review their ecommerce sites to ensure that the sites are configured to work as expected with the new Chrome update.

Other browsers, including Firefox and Microsoft Edge, are expected to make the same change in the near future.

The Issue

The Chrome update, being referred to as the SameSite Cookie Update, changes how cookies are handled.

The default setting used to automatically pass cookies when they’re needed for third-party services like payment card processing. The update turns off the automatic passing.

In other words, there will be instances when third-party services won’t have everything they need to work.

Payment card processing, advertising, content recommendations, third-party widgets, social embeds, punch-out technology, and other features may fail for some users.

Many technology providers, including Essent, have already reconfigured cookies so that functionality will not be affected. Some providers, however, have yet to make the required changes.

Details

Prior to Chrome 80, cookies for a domain were sent on all requests, regardless of origin. Starting with Chrome 80, by default cookies are sent with POST requests only when the request originates on the same domain, unless the cookies are explicitly configured to be sent on all requests. The update is being called the SameSite Cookie Update.

The change to the default behavior of cookies affects all systems that rely on the browser sending a cookie for the target domain along with an HTTP POST request that originates from a different domain. Affected systems include, but are not limited to:

  • Single sign-on providers, including Azure Active Directory
  • Payment systems that provide payment page functionality, including PayPal, USAePay and Payeezy
  • PunchOut-based spend management systems, including Ariba and SAP

Essent Support pushed an update to all SiteBuilder Pro and EssentOne customers that resolved this issue automatically by specifying cookies with the appropriate properties to meet Chrome’s new requirements. SiteBuilder is ready for the transition, and its cookies have been reconfigured to work with all supported third-party systems that need to interact with the site. End users should not see any interruption when using Essent services during this transition.

Please note that to maintain compatibility with Chrome after this change, all SiteBuilder ecommerce sites now require an HTTPS connection at all times. Users accessing unsecured HTTP URLs for the ecommerce sites will automatically be redirected to the HTTPS version of the page to ensure that their sessions behave as expected.
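
For sites with custom integrations, the cookie properties and the HTTPS requirement described above can be checked against a site's Set-Cookie response headers. The following is an added example, not Essent's code: the function names, verdict labels and sample headers are constructed for illustration, and it assumes the standard SameSite and Secure cookie attributes.

```python
# Added example: audit Set-Cookie headers against Chrome 80's SameSite defaults.
# Function names, verdict labels and sample headers are constructed for illustration.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def cross_site_post_verdict(header):
    """Return how Chrome 80 treats this cookie on a POST from another site."""
    _, attrs = parse_set_cookie(header)
    same_site = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if same_site == "none":
        # SameSite=None is only accepted together with Secure (HTTPS only).
        return "sent" if secure else "rejected"
    if same_site in ("lax", "strict"):
        return "withheld"
    # No SameSite attribute (or an unrecognised value): Chrome 80 applies Lax.
    return "withheld-by-default"

def audit(headers):
    """Map each cookie name to its verdict so failing cookies stand out."""
    return {parse_set_cookie(h)[0]: cross_site_post_verdict(h) for h in headers}

SAMPLE_HEADERS = [  # constructed sample values
    "session=abc123; Path=/; HttpOnly",
    "cart=42; Path=/; SameSite=Lax",
    "sso=tok; Path=/; SameSite=None",
    "pay=xyz; Path=/; Secure; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_HEADERS).items():
        print(f"{name:8} {verdict}")
```

Only the last sample cookie reaches a payment, single sign-on or PunchOut return POST. The verdicts describe the default enforcement and do not model Chrome's temporary allowance for cookies set less than two minutes earlier.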

For More Information

Developer-friendly documentation of the SameSite Cookie attribute and its function:

