Page MenuHomePhabricator
Create Task
Maniphest T342626

'<wiki-id>wmE-sessionTickLastTick*' cookies not setting samesite attribute
Open, Needs TriagePublic
Actions

Description

Screenshot 2023-07-25 at 12.45.25.png (71×2 px, 65 KB)

Cookie “mediawikiwikiwmE-sessionTickLastTickTime” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Cookie “mediawikiwikiwmE-sessionTickTickCount” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

See also:

Related Objects
Search...

Event Timeline

Reedy created this task.Jul 25 2023, 11:46 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 25 2023, 11:46 AM
Reedy updated the task description. (Show Details)Jul 25 2023, 11:46 AM
gabriel-wmde subscribed.Nov 30 2023, 5:33 PM
gabriel-wmde mentioned this in T349192: Prevent thank you banner display prevention after applying for membership.Dec 1 2023, 11:22 AM
Reedy added a parent task: T255366: SameSite cookie issues.Dec 18 2023, 3:28 PM
Tgr renamed this task from Cookies not setting samesite attribute to '<wiki-id>wmE-sessionTickLastTick*' cookies not setting samesite attribute.Jan 9 2024, 8:44 PM
Tgr mentioned this in T345032: Some cookies are misusing the recommended “SameSite“ attribute.Jan 9 2024, 8:53 PM
Tgr subscribed.Jan 9 2024, 8:55 PM

sessionTickLastTick is for unique device counts, right? Preventing those cookies on cross-site requests that aren't top-level navigation (which is the behavior with no SameSite attribute set) actually seems like a good thing there.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL