Page MenuHomePhabricator
Create Task
Maniphest T288660

SessionLength cookie triggers warnings about SameSite attribute
Closed, DeclinedPublicBUG REPORT
Actions

Description

I noticed in my browser console that I am receiving warnings about cookies associated with the SessionLength analytics. This is on Mozilla Firefox version 91.0 while I'm signed into my WMF account on English Wikipedia. Not sure how long I'll be in the group that's in sessionlength tracking but I'm happy to do any other diagnostics that would be helpful.

Examples:

Cookie “enwikiwmE-sessionTickLastTickTime” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite inject.js:1550:27

Cookie “enwikiwmE-sessionTickTickCount” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite inject.js:1550:27

Cookie “enwikiel-sessionId” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite inject.js:1550:27

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT255366 SameSite cookie issues
 DeclinedBUG REPORTNoneT288660 SessionLength cookie triggers warnings about SameSite attribute

Event Timeline

Isaac created this task.Aug 11 2021, 8:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 11 2021, 8:21 PM
jlinehan added a project: Metrics Platform.Aug 11 2021, 8:22 PM
jlinehan added a subscriber: Mholloway.
Mholloway added a parent task: T255366: SameSite cookie issues.Aug 12 2021, 2:03 PM
Mholloway added a comment.Aug 12 2021, 2:16 PM

Per https://www.mediawiki.org/wiki/Manual:SameSite_cookies#Browser_warnings it looks like these warnings can be ignored, as we have no need to send the cookies in question in any cross-domain AJAX requests.

Nirmos subscribed.Aug 12 2021, 3:08 PM
jlinehan added a comment.Aug 23 2021, 2:01 PM
In T288660#7278894, @Mholloway wrote:

Per https://www.mediawiki.org/wiki/Manual:SameSite_cookies#Browser_warnings it looks like these warnings can be ignored, as we have no need to send the cookies in question in any cross-domain AJAX requests.

In light of this, closing this task for now.

Redmin subscribed.Sep 29 2021, 9:39 AM
jlinehan moved this task from Backlog to Sign-off on the Metrics Platform board.Oct 4 2021, 2:30 PM
EChetty closed this task as Declined.Apr 5 2022, 12:27 PM
EChetty subscribed.

No longer relevant given that it can be ignored.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits