Page MenuHomePhabricator

SessionLength cookie triggers warnings about SameSite attribute
Open, Needs TriagePublicBUG REPORT

Description

I noticed in my browser console that I am receiving warnings about cookies associated with the SessionLength analytics. This is on Mozilla Firefox version 91.0 while I'm signed into my WMF account on English Wikipedia. Not sure how long I'll be in the group that's in sessionlength tracking but I'm happy to do any other diagnostics that would be helpful.

Examples:

Cookie “enwikiwmE-sessionTickLastTickTime” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite inject.js:1550:27

Cookie “enwikiwmE-sessionTickTickCount” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite inject.js:1550:27

Cookie “enwikiel-sessionId” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite inject.js:1550:27

Related Objects

StatusSubtypeAssignedTask
OpenNone
OpenBUG REPORTNone

Event Timeline

Per https://www.mediawiki.org/wiki/Manual:SameSite_cookies#Browser_warnings it looks like these warnings can be ignored, as we have no need to send the cookies in question in any cross-domain AJAX requests.

Per https://www.mediawiki.org/wiki/Manual:SameSite_cookies#Browser_warnings it looks like these warnings can be ignored, as we have no need to send the cookies in question in any cross-domain AJAX requests.

In light of this, closing this task for now.