Overview
Explore the intricacies of SameSite cookies in this 42-minute conference talk from NDC Sydney 2020. Delve into the importance of SameSite cookies for website security, understanding their attributes and optimal usage. Learn about the Chrome team's plans to implement 'SameSite=Lax' as a default setting and its potential impact on web development. Discover how to properly configure SameSite attributes to enhance security without compromising functionality. Examine edge cases, potential bugs, and the differences between 'Strict', 'Lax', and 'None' settings. Gain insights into cross-site request forgery attacks, CSRF protection, and the concept of same-site domains. Witness browser demonstrations, explore testing tools, and understand the implications of SameSite cookies across different browsers. By the end of this talk, acquire the knowledge to effectively implement SameSite cookies and stay ahead of upcoming web security changes.
Syllabus
Introduction
What are SameSite Cookies
What are cross-site request forgery attacks
What is CSRF protection
Can you use SameSite
SameSite Strict
SameSite None
Story Time
Browser Console
Google
Enable SameSite by Default
February 2020
April 2020
July 2020
SameSite Plus Post
What is a SameSite Domain
What is a Public Suffix List
Browser Demo
Samsung Cookies Tester
Manual Tester
Automated Tester
Firefox
Chrome
Incognito
What option do you use
Is SameSite Lax by default dead
Taught by
NDC Conferences