While looking into cookies that would be affected for our application, we noticed the cookies set by Lightstep, the lightstep_guid%F<cookiename> cookies didn't have SameSite or Secure set. I'm not terribly familiar with what these cookies are used for, but if they are potentially affected by this change in SameSite behavior, I figured it was worth filing an issue.
Another caveat on top of this change in default SameSite behavior, is that it isn't as simple as enabling for all browsers, as certain versions of Chrome will reject if this attribute is set. The list of incompatible clients is included here, which psuedocode as well.
Let me know if there's any additional information or clarification I can provide for this.
As you may be aware, in Chrome 80, they're changing the way that cookies are handled if the SameSite attribute isn't set for a cookie.
While looking into cookies that would be affected for our application, we noticed the cookies set by Lightstep, the
lightstep_guid%F<cookiename>cookies didn't have SameSite or Secure set. I'm not terribly familiar with what these cookies are used for, but if they are potentially affected by this change in SameSite behavior, I figured it was worth filing an issue.Another caveat on top of this change in default SameSite behavior, is that it isn't as simple as enabling for all browsers, as certain versions of Chrome will reject if this attribute is set. The list of incompatible clients is included here, which psuedocode as well.
Let me know if there's any additional information or clarification I can provide for this.