Amphtml: Analytics: Cookie writer to support custom SameSite value

Created on 15 Jan 2020  路  9Comments  路  Source: ampproject/amphtml

@ryanashcraft @pierre-b @leazus @misteryeo @colmsnowplow
Please let us know if there's request to change the SameSite value when setting cookie using the AMP provided cookie writing feature. Thanks.

High Priority Feature Request good first issue
Source
picture zhouyx

Most helpful comment

Understood. I can placed the issue as a P1. But I can't guarantee a timeline for this item. I'll pick it up asap. In the meantime, I'm more than happy to help if anyone could help with the code change.

picture zhouyx on 29 Aug 2020
2

All 9 comments

Hi @zhouyx , thanks for asking, we don't need this feature at the moment. We use the AMP cookie to persist the AMP cid until the user exits the Google CDN and lands on the real domain with the linker (cid in URL).

pierre-b picture pierre-b on 16 Jan 2020

Thank you @pierre-b

All, I'm going to label this issue P2 for now. But please do let us know if this feature is important for your business. We can prioritize it with the Chrome 80 launch approaching. Thanks.

zhouyx picture zhouyx on 16 Jan 2020

Thanks for asking @zhouyx , and apologies for late response.

We've instrumented our design around avoiding dependence on cookies for user identification as far as possible. As long as the AMP client ID is reliable, we're all good!

colmsnowplow picture colmsnowplow on 29 Jan 2020

Hi @zhouyx,
Sorry for the late response, and of course thank you for asking!
Currently, we don't need to apply the sameSite attribute for the AMP cookie (we use the CID and linker to pass it as a URL param)

leazus picture leazus on 30 Jan 2020

Thank you all for the response. That's also what I heard from Google Analytics. Given the feedback setting the priority to P3.

zhouyx picture zhouyx on 30 Jan 2020

Hi, all. I don't know if I am in the right issue.

I need to add cookieFlags with "secure;samesite=none" on AMP pages, because I have an iframe on a 3d party domain that should read the GA cookie from the first party domain. This stopped to work recently. (mid august)

Is it possible to add this attribute currently? It did not work when I added on "vars".

Thanks!

gui-poa picture gui-poa on 28 Aug 2020
👍1

Hi @gui-poa Thanks for reaching out.

We haven't added the sameSite and secure option to the cookieWriter config because there was no request to that. I think we should add that. Do you think if you can help with the code change? Let me know. Thanks!

zhouyx picture zhouyx on 28 Aug 2020

Hi, @zhouyx . Thanks for your reply! Unfortunately I do not have enough knowledge to help here.

Do you think it can be placed as p1? The regular version already supports Cookie Flags and we are currently without coverage of these flags for AMP, generating loss of data.

gui-poa picture gui-poa on 28 Aug 2020

Understood. I can placed the issue as a P1. But I can't guarantee a timeline for this item. I'll pick it up asap. In the meantime, I'm more than happy to help if anyone could help with the code change.

zhouyx picture zhouyx on 29 Aug 2020
2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

aghassemi picture aghassemi  路  3Comments
radiovisual picture radiovisual  路  3Comments
mkhatib picture mkhatib  路  3Comments
choumx picture choumx  路  3Comments
cvializ picture cvializ  路  3Comments