How Browsers Restrict Cookies in 2020

In my recent blog post for our Recolize Recommendation Blog I highlight some of changes that browser vendors are implementing regarding the handling of cookies in 2020.

One important note is also contained for Magento 1 shop owners:

As many of our customers are still using the popular Magento 1 online shop software here is a small trick you can use: Update Magento’s “core_config_data” table and set web/cookie/cookie_path value to /; SameSite=None; Secure

This is not a permanent solution, but it might be useful for a temporary workaround.

As an alternative to this workaround I have also implemented a small Magento 1 extension called Secure Cookies that can be downloaded on Github.

Please note that neglecting this change can result in broken behaviour for your Magento 1 shop! For example in browsers that do have SameSite=Lax by default now (like Firefox and Chrome), the redirect from the payment provider to the merchant may be broken because the session cookie is not there anymore and the shopping cart is cleared.

Also Mage One has already published a security patch that changes the cookie attributes.