Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#48183 closed defect (bug) (duplicate)

Chrome SameSite Cookies - Investigate what could possible go wrong

Reported by: danielkanchev's profile danielkanchev Owned by:
Milestone: Priority: normal
Severity: major Version: 5.2.3
Component: Login and Registration Keywords: needs-testing
Focuses: multisite Cc:


This is more an awareness ticket and not a bug. Still, I consider this to be very important for core, plugins devs and themes devs, as well as integrations which rely on cookies.

With Chrome 80 a SameSite attribute is introduced. It will be set to SameSite=Lax by default unless devs of sites set it to Strict or None. Details here:

It is important to:

  1. Check if this affects WordPress core - single and multi-site.
  2. Properly communicate this with plugins/themes devs.

Feel free to edit this ticket in case it is not in the correct category, etc.

Change History (3)

This ticket was mentioned in Slack in #hosting-community by daniel_kanchev. View the logs.

5 years ago

#2 @johnbillion
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Thanks for the report @danielkanchev! We've got #37000 already, I'll close this as a dupe so we can keep the discussion in one place.

#3 @danielkanchev
5 years ago

Thanks for the info @johnbillion I am glad you are aware of this. Thanks!

Note: See TracTickets for help on using tickets.