Problem: Chrome – Mark cross-site cookies as Secure to allow setting them in cross-site contexts

Cookies are one of the methods available for adding persistent state to web sites. Over the years their capabilities have grown and evolved, but left the platform with some problematic legacy issues. To address this, browsers (including Chrome, Firefox, and Edge) are changing their behavior to enforce more privacy-preserving defaults. If you want to read an excellent article on this topic, you can click this link.

If you see the warning message in the console section of your browser and you have lost some functionality on your site, I will suggest a short but risky workaround. In the example I came across, the login part of my site was not working on the server where IIS is located. But I could login different clients without any problems. I did not experience this problem in browsers other than Chrome.

What is causing the problem is actually a security measure in Chrome. You can access the details of this measure from the links below.

You can completely disable this feature by going to “chrome://flags” and disabling “Cookies without SameSite must be secure”.  This will disable it for all sites, so it will be less secure when you aren’t developing too.

No Comments

Leave a Comment

Please be polite. We appreciate that.
Your email address will not be published and required fields are marked


This site uses Akismet to reduce spam. Learn how your comment data is processed.