Why did my login break after a browser update?

Browser updates enforce SameSite defaults more strictly. If your login uses cross-site cookies (SSO, OAuth redirect) without explicit SameSite=None; Secure, the cookies are blocked, breaking the authentication flow.

What are third-party cookies and why are they being deprecated?

Third-party cookies are set by domains other than the one you are visiting. They enable cross-site tracking for advertising. Chrome is phasing them out for privacy. Use SameSite=None; Secure for legitimate cross-site needs, and explore Privacy Sandbox APIs for advertising use cases.

SameSite Cookie Blocked — Cross-Site Cookie Rejection and Third-Party Cookie Issues

Errorsecurity

Overview

Fix SameSite cookie warnings and blocked cross-site cookies affecting login sessions, payment processing, and embedded content functionality.

Key Details

SameSite is a cookie attribute that controls when cookies are sent in cross-site requests
Cookies without SameSite attribute default to SameSite=Lax in modern browsers
SameSite=Lax sends cookies for top-level navigation but not for cross-site sub-requests (images, iframes, AJAX)
SameSite=None; Secure is required for cookies that need to be sent in cross-site contexts
Third-party cookie deprecation in Chrome is separate from but related to SameSite enforcement

Common Causes

Cookie set without SameSite attribute and browser defaults it to Lax instead of None
Cross-origin iframe needing to access parent site cookies blocked by SameSite=Lax default
Payment provider redirect losing session cookies because they are cross-site requests
SSO (Single Sign-On) login flow failing because authentication cookies are blocked cross-site

Steps

1Identify blocked cookies: Chrome DevTools > Application > Cookies > look for yellow warning icons
2For cookies needed cross-site: set SameSite=None; Secure explicitly in the Set-Cookie header
3SameSite=None requires the Secure flag — cookies must be sent over HTTPS only
4For embedded content: use the Partitioned attribute (CHIPS) for cross-site cookies with privacy
5Test with Chrome flags: chrome://flags > search for 'SameSite' to test different enforcement levels

Related Items

browser-mixed-content-blocked-https

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Strict: cookie only sent for same-site requests. Lax: sent for same-site plus top-level cross-site navigation (clicking a link). None: sent for all requests including cross-site sub-requests (requires Secure flag and HTTPS).

SameSite Cookie Blocked — Cross-Site Cookie Rejection and Third-Party Cookie Issues

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Security

Frequently Asked Questions