Why did my cookies stop working?

Chrome 80+ defaults cookies to SameSite=Lax. If your cookie needs to work cross-site, explicitly set SameSite=None; Secure.

What about third-party cookie deprecation?

Chrome is phasing out third-party cookies. Use Privacy Sandbox APIs, first-party cookies, or server-side sessions as alternatives.

Browser Cookie SameSite Errors — Cross-Site Cookie Blocking

Warningsecurity

Overview

Fix cookie SameSite errors including 'cookie was not set because it did not have a SameSite attribute', cross-site cookie rejection, and third-party cookie blocking.

Key Details

SameSite attribute controls when cookies are sent with cross-site requests
SameSite values: Strict (never cross-site), Lax (top-level navigation only), None (always, requires Secure)
Chrome defaults cookies without SameSite to Lax since Chrome 80
SameSite=None requires the Secure attribute (cookie only sent over HTTPS)
Third-party cookie deprecation will eventually block all cross-site cookies

Common Causes

Cookie set without SameSite attribute, defaulting to Lax and breaking cross-site use
SameSite=None set without Secure attribute (required combination)
Third-party cookie blocking by browser settings or privacy extensions
Cross-site iframe or redirect losing cookies due to SameSite enforcement
OAuth flows broken because auth cookies are not sent in cross-site redirects

Steps

1Set SameSite explicitly: Set-Cookie: name=value; SameSite=None; Secure (for cross-site need)
2For same-site only cookies: Set-Cookie: name=value; SameSite=Lax (default, most cases)
3Ensure Secure flag is set when using SameSite=None (HTTPS required)
4For OAuth: ensure callback URLs match the cookie's site to use SameSite=Lax
5Test in Chrome DevTools > Application > Cookies — 'Issues' tab shows SameSite warnings