Hello there, because Chrome 80 would treat all cookie which does not mention SameSite=None as Lax Cookie, I am afraid mod_usertrack cookie cannot be used as a third party cookie. 1) Configure a httpd virtualhost/server which has mod_usertrack available. lets call it foobar.com . put a small image, let's say img1.png so that it could be accessible like foobar.com/img1.png 2) access foobar.com/img1.png. Make sure in browser that appropriate tracking cookie has been set. 3) Configure another httpd virtualhost/server, say bazbar.com, which has a page called test.html, containing reference to foobar.com/img1.png 4) While accessing bazbar.com/test.html, Chrome would put warning saying mod_usertrack cookie is set without SameSite attribute, and From Chrome 80, it will be treated as Lax cookie, unless explicitly marked as SameSite=None More info https://www.chromestatus.com/feature/5088147346030592 https://www.chromestatus.com/feature/5633521622188032
Created attachment 36965 [details] Patch for same
Submitted patch :)
Thanks Prashant. Do you think we need a backdoor per-request environment variable to avoid adding the parm for intolerant browsers? We don't need to calculate it, just check if some usertrack-no-samesite is present in subprocess_env table? You can see examples in mod_deflate of how no-gzip is checked.
(In reply to Eric Covener from comment #3) > Thanks Prashant. Do you think we need a backdoor per-request environment > variable to avoid adding the parm for intolerant browsers? We don't need to > calculate it, just check if some usertrack-no-samesite is present in > subprocess_env table? You can see examples in mod_deflate of how no-gzip is > checked. Hello Eric ! Got your point, buy me sometime to work on this, and I will get back to you, thanks !
submitted with tweaks in http://svn.apache.org/viewvc?view=revision&revision=1874389 and will propose for backport. Thanks again!