SameSite Cookie Attribute Explained by Example (Strict, Lax, None & No SameSite) 

google has started deprecating Third party cookies (samesite=none essentially) in 2024. You might be among the 1% experiment. that might explain why it's working anymore. I wrote about this here and left resources too. medium.com/@hnasr/google-is-deprecating-3rd-party-cookies-d987603607a7

Thanks a bunch - just what I needed! I found the explanation in a lot of places but the visuals really clarified it for me.

Hussein go bless for explaining this feature so nicely. Even after reading/watching 10's of video - the concept was not clear. Seriously you did a great job explaining it so easily with a practical example

Thanks a lot brother, I recently made a new website and the front end and backend are hosted on two different services, I was breaking my head over why the browser was not sending cookies. This explains why. I guess I have to use some other way, since google deprecated cross site cookies

Finally I understood this concept... Thanks for this great explanation 👍

I checked for this topic on many channels but got it clear from here.....thanks hussein.

Thank u sooo much sir. I was searching for it the whole day but I didn't understand before u explained it. It's really precious

That excitement level for domain name 😂😂😂😂😂

thanks god! I learned this in collage that i paid a lot of money. and now it the first time i really understand this issu . thank you

Very well explained in detail with good example ❤️👍🏻

This is how you explain things!!!!! Thank you so much 🙏🙏🙏. Google Chrome team should use this as their office video because their video is just a crap.

this is an excellent video explaining the same-site policy of cookies!

Thank you! It's very clear now what that cookie with sameSite do

Subscribed. ChatGPT failed to explain this concept. Thanks dude.

Amazing explanation. Thank you Nasser sir.

Thanks for making a clear explanation of SameSite!

Best video for samesite Attribute (Cookies)

This is one of the best illustration for the usage of samesite. thanks

Finally I understand about sameSite parameter, Thx man you save the day

Thanks brother, You saved a lot of time for me :)

Thank you sir. You are a gentleman and a scholar.

Superior content as always.

beautifully explained..thanks

The best explanation i love it so much

haha thanks for the tutorial and positive energy :D

Beautifully visualized!

nice explanation keep it up dude

Thank you for the information. It was really useful.

Amazing explaination !! thanks a ton!!!

Great example! Many thanks

Excellent presentation. Thank you 😁

Thank brother I really appreciate your work and get a lot of experience from you, my question is isn't cookies shloud just work for the same domain?، I mean it shouldn't be exists if you open a new tab for another domain

Brilliant explanation!!!

Still don't know why there's cookie for the second site referencing image from the first one when both are open in chrome. But when one is open in chrome & 2nd in fox it doesn't seem to work.

good explanation thanks!

Wow, you are great man. What a perfect explanation. Thanks!

What a perfect explanation. Thanks.

Greetings from Brazil!

Nice work @ Hussein

Great Explanation. Thank you.

Thanks for this perfect explanation. just perfect

BRILLIANT !!

Good explanation , Thank you so much

what makes the image display only with the cookie? I thought the cookie being strict means it lets you access the cookie itself from the same site only. where is the code for the img, and how do you make it follow the cookie settings?

Great explanation, thanks for sharing.

Thanks for the video

@hnasr usually when you visit a site, the server will send the cookie to the browser right. But in the video, you have mentioned several times that "Browser" will not send the cookie if it's cross site. Can you explain on this please ?

too good. thanks for this video!

Thanks

@hnasr The server setup things you mentioned at ~ 1.56m, which of your video teaches such server setups? You have many videos

Please some one clear my doubt, The image of one domain is getting loaded on another domain if the attribute Same-site has the value None right but what about the SOP (Same Origin Policy) ain't it gonna block the responses from cross domain ?

excellent thank you

That's the best explanation ever! Well done my friend. Keep it going

Brilliant explanation, thanks.

Thanks for the explanation

What if we want to make any request from Domain A through api call to fetch information from Domain B when same site = Strict ? what is the way to achieve the same

If same site attribute is set to lax the browser is sending the cookie then how it prevent csrf?

Thanks Boss!

Thanks for this bro...

Thanks sir, very helpful

Sir please make a video on how to access cookie from other website. Means how cross-site is done. 🙏🙏🙏🙏🙏🙏🙏🙏🙏🙏🙏🙏🙏

Very nice 👍

Excellent example with IMG and A, a question, How about IFRAME and AJAX?

How do we set samesite = none?

@hussein Nasser: Does this applies to webscoket?

How Can we access the cookies in request header with httpOnly ?? Plz help i m in trouble to get these cookies in all request header

Is it possible they have patched this? I can't get cross-site cookies working! I used your express file and uploaded to render. Then I also made a GitHub page with an image src pointing to the render https link, but the cookie is never sent!!

This is nice explanation But there is a room for explanation around the cookies being set while calling login api

Is it possible to access samesite lax cookie in case api is integrated with openid connect for single sign on. Currently why they are inaccessible because oidc url auto redirects to my api and at that time api try to read the cookies at server side. Any suggestions on this please??

Thanks for the explanation Hussein. I got one question ..if someone is using my site login page on their website then who would set the samesite : none (I as a site owner or the one who is using our login page). Could you please help me find this. I have set in my code samesite:none but when I am trying to login through their site it still showing samesite:Lax while when I login through mysite changes are reflecting as none

Hi , I have a small doubt . What would be the case when it is not Secure . Please let me know the behavior when both are communicating with HTTP

Very impressive explanation, but how do you set a cookie with a domain other than your own?

thanks

Thanks :)

Thanks for the great example. But how do you set these properties on a site with a drag-and-drop site builder is the real question?

I am getting HTTP error 405, any advices?

I need same site mode strict but then my redirection from a payment site is not working. Is there any solution to keep it working without changing same site strict mode?

why redirection to a site not working when same site is lax but the request from another site is 'post'? will this works only for 'GET'? Iam getting issue when my my site is redirected from a payment gateway. They are redirecting using a POST request.

you can keep the devtools open!

Hi, does thed same site attribute provide protection on all browsers like IE, Firefox or just chrome latest

Hi Nasser, I have a question, How is https in the video implemented? No certificate is imported in the source code.

thanks!!

Stating the obvious here but this is a HTTPS only feature, so the flags won't work in any dev environments that don't have https configured

same-site = None useless? i'd say no. Its pretty useful during development phase when your frontend and backend are running at different ports

❤️

haha. master

SUBSCRIBER ++

cmd+/

Still Having trouble with SameSite? Rowan from Google is willing to help one-on-one check his twitter twitter.com/rowan_m/status/1280821505757044736?s=21