Cookie recipes - SameSite and beyond

  • Published 22 Dec 2024

COMMENTS • 16

  • @LukePuplett 4 years ago +12

    Rowan is extremely clear and well-paced. Well done.

  • @abrarcalculas 4 years ago +1

    The dev tools troubleshooting and the netlog_analyzer were super helpful. Now I can debug my cookie-related nightmares without tearing the remainder of my hair. Thanks Rowan for this insightful lesson.

  • @dominiquebello3212 4 years ago +1

    Awesome! Just what I was looking for. So well explained, clear and strict to the point! Thank you!

  • @tim.e.l 4 years ago +1

    Mmmm cookies. Thanks for all the Devtools info it is always helpful to learn more about debugging issues like this. I have never dealt with giant websites so it has always been fairly easy, but this is great to know. I didn't think I would learn much, but I have to say I definitely learned a few things so thank you.

  • @rhncnd 4 years ago +12

    I'll sticky note this cookie recipe on my fridge.

  • @RoterFruchtZwerg 4 years ago +4

    Thx for this in-depth look on the changes and debugging. However, whenever I see videos/tutorials on SameSite I miss information about all the edge cases that are not really irrelevant. Like how does samesite=strict affect top level navigations caused by opening a new tab, manually typing a URL, clicking a bookmark, a shortcut on the homescreen, a link inside a native app, a link inside an app's webview, a custom chrome tab, a chrome extension, etc... What about cascading redirects away and back to the site? That's important when dealing with federated logins (SAML, OAuth, ...). So many questions 🙈

    • @RowanMerewood 4 years ago +3

      I appreciate there's a lot of scope and nuance out there. I've gone into some detail on the POST callback pattern here: goo.gle/samesite-3d-secure

  • @RajKumar04041992 4 years ago

    At 6:47 "So that blog hosting example, if you set up a SameSite equals Strict cookie, pretty much the same as your session, but you treat it like a token for write permission and validate that it's included on that form submission, then you can be pretty sure it came from the user submitting the form actually on your site."
    Can someone please help me understand the "but you treat it like a token for write permission and validate that it's included on that form submission" part.
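
One reading of the pattern quoted from 6:47 in the comment above, as an added example that is not from the video or from any commenter: the server issues a SameSite=Strict cookie next to the session cookie and accepts a form POST only when that cookie arrives and matches the session. The cookie names, the HMAC binding, the Lax policy on the session cookie and the simplified browser model are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SECRET = secrets.token_bytes(32)  # assumption: server-side key, never sent to the client

def write_token(session_id: str) -> str:
    # Tie the write cookie to one session so it cannot be reused under another.
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def issue_cookies(session_id: str) -> SimpleCookie:
    """Cookies set at login: a Lax session cookie plus a Strict write cookie."""
    jar = SimpleCookie()
    for name, value, policy in (("session", session_id, "Lax"),
                                ("write", write_token(session_id), "Strict")):
        jar[name] = value
        jar[name]["path"] = "/"
        jar[name]["secure"] = True
        jar[name]["httponly"] = True
        jar[name]["samesite"] = policy
    return jar

def cookies_attached(jar: SimpleCookie, same_site: bool, safe_top_level_nav: bool) -> str:
    """Simplified browser model: the Cookie header sent with one request."""
    def sent(policy: str) -> bool:
        # Strict: same-site requests only. Lax: also cross-site top-level GET navigations.
        return same_site or (policy == "Lax" and safe_top_level_nav)
    return "; ".join(f"{m.key}={m.value}" for m in jar.values() if sent(m["samesite"]))

def may_write(cookie_header: str) -> bool:
    """Server-side check before accepting the form POST."""
    got = SimpleCookie(cookie_header)
    if "session" not in got or "write" not in got:
        return False  # no write cookie: not a same-site request, or not logged in
    expected = write_token(got["session"].value)
    return hmac.compare_digest(got["write"].value, expected)

if __name__ == "__main__":
    jar = issue_cookies("a1b2c3d4")  # constructed session id
    print(jar.output())  # the Set-Cookie headers
    for label, ctx in (("same-site form POST", (True, False)),
                       ("cross-site link click", (False, True)),
                       ("cross-site form POST", (False, False))):
        header = cookies_attached(jar, *ctx)
        print(f"{label}: Cookie={header!r} may_write={may_write(header)}")
```

A visitor arriving through a link from another site still carries the session cookie and appears signed in, but the Strict cookie is withheld until a request starts from the site's own pages, so only a form submitted there passes `may_write`.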

  • @EddyVinck 4 years ago +3

    At some point someone will search for "cookie recipes" and stumble upon this video.

  • @demven04 3 years ago

    Very interesting, thanks

  • @minumakes4961 4 years ago +1

    🌈 loved it, nicee recipe 💛💛💛

  • @PaulKinlan 4 years ago

    Two bits.

  • @tylerchilton637 4 years ago

    Chrome sucks. I just got bit by the same-site= lax "fix". This was a horrible move. You have no idea the amount of work this has caused and at the worst possible time...FML

    • @robertlinder8464 4 years ago +2

      This is an effort by all major browsers to move to a more secure default for users. Deal with it.

    • @MaxCoplan 4 years ago

      Also you had like 6 months to fix it