SameSite is making headlines because Google’s Chrome 80 browser will enforce a first-party default on all cookies that don’t have the attribute set. This will lead to repercussions if companies who rely on third-party cookie requests don’t make changes by the February 4 deadline.
SameSite Cookie Attribute: What It Is And Why It Matters
SameSite cookie attributes - what they are and how Google’s Chrome 80 defaults will impact ad tech vendors and publishersSince we have a collaboration portal, we use third-party-cookies. The fix? Set the attribute to Samesite=none. Should be easy but I can’t get it to work on the A10. The syntax is fine, but the rule never triggers. We get 0 hits. Environment below. No other aflex rules are affected and their content does not override the new rule.
slb virtual-server vip-123.456.78.9-http-cm 205.138.36.4
port 80 http
aflex http-https-redirect-w-302
aflex Remove-all-instances-server-header
aflex HTTP_REQUEST
aflex generic_samesite_none
service-group HTTPS-REDIRECT
port 443 https
name _123.456.78.9_HTTPS_443
access-list name WEB-Subnet source-nat-pool nat-123.456.78.1
aflex Disable-TLS10
aflex Remove-all-instances-server-header
aflex HTTP_REQUEST
aflex generic_samesite_none
service-group vip-123.456.78.9-https-serverfarm
template persist cookie vip-123.456.78.9-https-stickyfarm
template http NODEJS
template client-ssl test
!
**Rule -syntax is fine but rule just get’s bypassed. Open to any other rule to accomplish the same thing. Or, can someone tell me why the rule won’t trigger?
when HTTP_RESPONSE {
set cookie_headers [HTTP::header values “Set-Cookie”]
HTTP::header remove “Set-Cookie”
foreach set_cookie_header $cookie_headers {
HTTP::header insert “Set-Cookie” “${set_cookie_header}; SameSite=None”
}
}**
